search

gotwarlost / istanbul

Yet another JS code coverage tool that computes statement, line, function and branch coverage with module loader hooks to transparently add coverage when running tests. Supports all JS coverage use cases including unit tests, server side functional tests and browser tests. Built for scale.
Other
8.7k stars 787 forks source link

Content-Security-Policy unsafe-eval #932

Closed tudorgergely closed 4 years ago

tudorgergely commented 4 years ago

Hi!

I have an issue with istanbul coverage object on window and our CSP. The coverage report is working great locally but we also want to instrument an app we deploy to a certain environment.

We don't allow unsafe-eval in our CSP and because the instrumenter uses Function() it fails our CSP: https://github.com/gotwarlost/istanbul/blob/bc84c315271a5dd4d39bcefc5925cfb61a3d174a/lib/instrumenter.js#L692

Is it possible to get around or fix this? Do you have alternatives to Function() in this case?

Thank you!

praveen7557 commented 1 year ago

hey @tudorgergely, were you able to fix this?