ljharb / get-intrinsic

Get and robustly cache all JS language-level intrinsics at first require time.


Firefox still complains about CSP

andrewbrock-sahmri opened this issue

#3 appears to have fixed the CSP error in Chrome, but it's still flagging in Firefox (v96.0.1).

Using get-intrinsic v1.1.1

// eslint-disable-next-line consistent-return
var getEvalledConstructor = function (expressionSyntax) {
	try {
		// eslint-disable-next-line no-new-func
		return Function('"use strict"; return (' + expressionSyntax + ').constructor;')(); // <---- Firefox points at this
	} catch (e) {}
};

Error message is:
Content Security Policy: The page’s settings blocked the loading of a resource at eval (“script-src”).

If Firefox is going to warn on never-executed Function usage, then there’s not much I can do about it.

You may want to file a bug for Firefox.

Thanks, I think I've found a corresponding Firefox bug(s). I'll drop the link here and close the issue.
https://bugzilla.mozilla.org/show_bug.cgi?id=1580514
https://bugzilla.mozilla.org/show_bug.cgi?id=1650112
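
An added example, not part of the thread or of get-intrinsic: it runs the `getEvalledConstructor` snippet quoted above in two Node.js `vm` contexts, one that permits code generation from strings and one that forbids it, to show what the `try`/`catch` returns when `Function(...)` is blocked. Assumptions: Node's `codeGeneration: { strings: false }` context option stands in for a `script-src` policy without `'unsafe-eval'`, and `probe` is a hypothetical helper name.

```javascript
const vm = require('node:vm');

// The function from the issue, kept as source text so it can be loaded
// into separate contexts with different code-generation settings.
const source = `
var getEvalledConstructor = function (expressionSyntax) {
	try {
		return Function('"use strict"; return (' + expressionSyntax + ').constructor;')();
	} catch (e) {}
};
`;

// Hypothetical helper: load the snippet into a fresh context and report
// what it returns, plus what an unguarded Function() call does there.
function probe(allowStrings) {
	const context = vm.createContext({}, {
		codeGeneration: { strings: allowStrings, wasm: false }
	});
	vm.runInContext(source, context);
	// Serialize inside the context so results compare cleanly across realms.
	const json = vm.runInContext(`
		(function () {
			var ctor = getEvalledConstructor('function* () {}');
			var direct;
			try { Function('return 1')(); direct = 'allowed'; } catch (e) { direct = e.name; }
			return JSON.stringify({ ctorName: ctor ? ctor.name : null, directCall: direct });
		})()
	`, context);
	return JSON.parse(json);
}

console.log('strings allowed:', probe(true));
console.log('strings blocked:', probe(false));
```

Running a bundle's entry point through a context like the blocked one is a quick offline check that it degrades cleanly before it is deployed behind a policy without `'unsafe-eval'`.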