This effectively follows the Chromium implementation, we use the StringContext attribute to do the enforcement for setTimeout and setInterval and then update the HostEnsureCanCompileStrings call (which now actually calls the CSP function directly) accordingly.
We then update EnsureCSPDoesNotBlockStringCompilation to only do TT validation for eval and Function, not timers.
Fixes #480
This effectively follows the Chromium implementation, we use the StringContext attribute to do the enforcement for setTimeout and setInterval and then update the
HostEnsureCanCompileStrings
call (which now actually calls the CSP function directly) accordingly.We then update
EnsureCSPDoesNotBlockStringCompilation
to only do TT validation for eval and Function, not timers.Preview | Diff