ljharb / get-intrinsic

Get and robustly cache all JS language-level intrinsics at first require time.
MIT License

Firefox still complains about CSP #13

Closed andrewbrock-sahmri closed 2 years ago

andrewbrock-sahmri commented 2 years ago

3 appears to have fixed the CSP error in Chrome, but it's still flagging in Firefox (v96.0.1).

Using get-intrinsic v1.1.1

// eslint-disable-next-line consistent-return
var getEvalledConstructor = function (expressionSyntax) {
    try {
        // eslint-disable-next-line no-new-func
        return Function('"use strict"; return (' + expressionSyntax + ').constructor;')(); // <---- Firefox points at this
    } catch (e) {}
};

Error message is: Content Security Policy: The page’s settings blocked the loading of a resource at eval (“script-src”).

ljharb commented 2 years ago

If Firefox is going to warn on never-executed Function usage, then there’s not much I can do about it.

You may want to file a bug for Firefox.

andrewbrock-sahmri commented 2 years ago

Thanks, I think I've found a corresponding Firefox bug(s), I'll drop the link here and close the issue

https://bugzilla.mozilla.org/show_bug.cgi?id=1580514
https://bugzilla.mozilla.org/show_bug.cgi?id=1650112
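An added example, not part of the thread or of get-intrinsic's own code: it runs the probe quoted in the issue inside two Node.js `vm` contexts, one that allows code generation from strings and one that forbids it, to show what the `try`/`catch` returns in each case. Assumptions: Node's `codeGeneration` context option stands in for a CSP without `'unsafe-eval'`, and `probe`, `lastError`, and the sample expression `function* () {}` are names and inputs chosen for this demo.

```javascript
// Assumption: Node.js runtime; vm's codeGeneration option is used here as a
// stand-in for a browser CSP that lacks 'unsafe-eval'.
const vm = require('vm');

// The probe from the issue, kept as source text so it can be evaluated inside
// each context. The only change: the catch records the error name (demo only;
// the code quoted in the issue swallows the error silently).
const PROBE_SOURCE = `
  var getEvalledConstructor = function (expressionSyntax) {
    try {
      return Function('"use strict"; return (' + expressionSyntax + ').constructor;')();
    } catch (e) {
      lastError = e.name;
    }
  };
`;

// Hypothetical helper: run the probe with string compilation allowed or refused.
function probe(allowStrings, expressionSyntax) {
  const sandbox = { lastError: null, expr: expressionSyntax, ctorName: null };
  const context = vm.createContext(sandbox, {
    codeGeneration: { strings: allowStrings, wasm: false },
  });
  vm.runInContext(
    PROBE_SOURCE +
      `
    var ctor = getEvalledConstructor(expr);
    ctorName = ctor ? ctor.name : null;
  `,
    context
  );
  return { ctorName: sandbox.ctorName, lastError: sandbox.lastError };
}

// Constructed sample input: generator function syntax.
const SAMPLE = 'function* () {}';

console.log('strings allowed :', probe(true, SAMPLE));
console.log('strings refused :', probe(false, SAMPLE));
```

When string compilation is refused, the `Function(...)` call throws an `EvalError`, the `catch` absorbs it, and the probe returns `undefined`, so a caller has to treat a missing constructor as a normal outcome.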