changed hasEval logic to always test for eval when CSP securityPolicy…

….allowsEval is true
googlearchive · Sep 4, 2013 · 18308da · 18308da
1 parent e4ffed1
commit 18308da
Showing 1 changed file with 7 additions and 6 deletions.
diff --git a/src/observe.js b/src/observe.js
@@ -37,15 +37,16 @@
 
   var hasObserve = detectObjectObserve();
 
-  var hasEval = false;
-  try {
-    if ('securityPolicy' in document) {
-      hasEval = document.securityPolicy.allowsEval === true;
-    } else {
+  // don't test for eval if document has CSP securityPolicy object and we can see that
+  // eval is not supported. This avoids an error message in console even when the exception
+  // is caught
+  var hasEval =  ! ('securityPolicy' in document) || document.securityPolicy.allowsEval;
+  if (hasEval) {
+    try {
       var f = new Function('', 'return true;');
       hasEval = f();
+    } catch (ex) {
     }
-  } catch (ex) {
   }
 
   function isIndex(s) {