On Fri, Aug 24, 2012 at 10:41 AM, Brendan Eich <[email protected]> wrote:
> I'm not sure what the problem is -- I read the old thread, and noticed the
> solution:
>
>   var global = Function("return this")();
>
> This is good for any code mode, strict or non-strict. Does CSP ban Function
> as well as eval?
CSP does forbid the Function constructor, by the edict “Code will not be created from strings”.

http://www.w3.org/TR/CSP/
Section 4.2 “If unsafe-eval is not allowed…”

Kris Kowal
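Added example, not part of the original messages: a sketch of resolving the global object without relying on code created from strings, falling back to the `Function("return this")()` form quoted above only inside a try/catch. The helper names (`cspFunction`, `codeFromStringsAllowed`, `hostEnv`, `resolveGlobal`) are hypothetical, `cspFunction` is a constructed stand-in for the constructor's behaviour under a policy without `unsafe-eval`, and the example goes beyond the thread by checking `globalThis`, which was standardized after this exchange.

```javascript
// Constructed stand-in for the Function constructor under a CSP without
// 'unsafe-eval': creating code from a string throws.
function cspFunction() {
  throw new EvalError("code generation from strings blocked (constructed)");
}

// Probe whether code may be created from strings in this environment.
function codeFromStringsAllowed(FunctionCtor = Function) {
  try {
    FunctionCtor("return 1")();
    return true;
  } catch (err) {
    return false;
  }
}

// Collect the global-object names the host exposes, using typeof guards so
// that a missing name does not throw a ReferenceError.
function hostEnv() {
  return {
    globalThis: typeof globalThis !== "undefined" ? globalThis : undefined,
    self: typeof self !== "undefined" ? self : undefined,
    window: typeof window !== "undefined" ? window : undefined,
    global: typeof global !== "undefined" ? global : undefined,
  };
}

// Resolve the global object. Sources that need no code generation come
// first; Function("return this")() from the thread is the last resort.
function resolveGlobal(env = hostEnv(), FunctionCtor = Function) {
  for (const source of ["globalThis", "self", "window", "global"]) {
    const value = env[source];
    if (value !== null && typeof value === "object") return { source, value };
  }
  try {
    return { source: "Function", value: FunctionCtor("return this")() };
  } catch (err) {
    throw new Error("global object unavailable: " + err.name);
  }
}
```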

