Open karak opened 6 years ago
Solve that warning is easy and quick. We can replace those points of execution by IIFE module.
As for CSP, Riot itself implements its own safeEval
on esprima
with hoister
. I guess they seek smaller size why not using notEvil
constructed by the same stack.
I'll close this issue because I suspect many Chrome Extensions uses raw browsers including Karma, or Node.js like sinon-chrome.
Testing frameworks needn't support CSP like riot itself.
We must avoid raw
eval()
for CSP(Content Security Policy) as warned by Rollup.Now, we could have
safeEval
, if it can simply alternate oureval()
-- scripts in tags are user-defined -- and is available on browsers in UMD modules.