Closed juandopazo closed 9 years ago
ljharb
commented
9 years ago Function#bind is impossible to polyfill without a form of eval. What I recommend is that you polyfill this module in a separate script, with a CSP hash so that it complies - and then use bundle splitting in browserify/webpack to avoid including this module elsewhere.
juandopazo
commented
9 years ago Do you mind explaining to me why it's impossible not to use eval? Is it because of fn.length?
ljharb
commented
9 years ago Yes, you're correct that that's the purpose - however, in order to be spec-compliant - which is important - the length must be correct.
juandopazo
commented
9 years ago Got it!
Hi @Raynos!
Your package is being used by another package which is a dependency of ours. I was trying to enable some Content Security Policy headers in our application and it turns out this line is doing a form of eval: https://github.com/Raynos/function-bind/blob/master/index.js#L38.
Are you doing that as an optimization to force the function's length to be defined? Do you think you could make it work without it?
Thanks!