Closed louh closed 4 years ago
@davidbau any plans to merge this in soon? I'm also on a project that needs this eval removed for CSP reasons and it would be great to not have to maintain a fork in parallel to this!
Look great. Thanks for the PR!
Amazing, thank you @louh and @davidbau !
Following up from #64, this PR avoids using
eval()
to get the global object, which causes this package to be unusable if a server has set Content-Security Policy (CSP) protocols. I use the Universal Module Definition (UMD) pattern, bringing back the way we inject the global object into the function via its arguments.I should also note that there is a stage-3 ECMAScript proposal for
globalThis
, which is meant to address exactly this problem. Some browsers and environments have begun to implementglobalThis
but even if we were to use it now, we would still need a fallback toself
orthis
. Let me know if you would like to useglobalThis
now, but I can also understand waiting for the proposal to be finalized first.Let me know if there's anything else I should do to finish this PR! Thanks!