Investigate CSP (unsafe-eval) Compatibility for ace-extra.js #2
Description
Hello,
I am currently working on a project that implements a strict Content Security Policy (CSP) to enhance security. As part of this policy, we aim to avoid the use of unsafe-eval due to its security implications. I am using ace-extra.js and would like to verify its compatibility with our CSP.
Issue:
Could you please investigate and confirm whether ace-extra.js relies on any practices that require the use of unsafe-eval? Specifically, I am looking for information on the following:
Use of eval()
Use of new Function()
Any other dynamic code execution methods
Additional Information:
If ace-extra.js does require unsafe-eval, are there any recommended workarounds or alternative solutions that would allow us to continue using this script while maintaining a strict CSP?
Thank you for your assistance!
Expected Behavior:
No CSP violations should occur, indicating that ace-extra.js is fully compatible with a strict CSP without unsafe-eval.
Actual Behavior:
(Please describe any CSP violations encountered if applicable.)