Recent versions of the Firefox browser have a strict Content Security
Policy in extension content scripts that disallows any direct or
indirect string evaluation. Previously, the Function('return this')
in ResizeSensor.js, used to obtain the true global window object,
violated that security policy. This PR checks instead for the
validity of the globalThis identifier, now provided in Firefox
explicitly for the purpose that Function('return this') was being
used for.
As Mozilla will not sign extensions that patch third-party packages,
without a change along these lines, no extension that directly or
indirectly uses ResizeSensor could be created. Hence, it would be
greatly appreciated for this small change to be merged and a new
release made. Thanks for considering.
Recent versions of the Firefox browser have a strict Content Security Policy in extension content scripts that disallows any direct or indirect string evaluation. Previously, the
Function('return this')
in ResizeSensor.js, used to obtain the true global window object, violated that security policy. This PR checks instead for the validity of theglobalThis
identifier, now provided in Firefox explicitly for the purpose thatFunction('return this')
was being used for.As Mozilla will not sign extensions that patch third-party packages, without a change along these lines, no extension that directly or indirectly uses ResizeSensor could be created. Hence, it would be greatly appreciated for this small change to be merged and a new release made. Thanks for considering.