From 18308da020ea91d95160bb0de8c340b57bb954f3 Mon Sep 17 00:00:00 2001
From: Renato Mangini
Date: Wed, 4 Sep 2013 14:29:06 -0700
Subject: [PATCH] changed hasEval logic to always test for eval when CSP securityPolicy.allowsEval is true
---
 src/observe.js | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/src/observe.js b/src/observe.js
index fd4d2d1..604cb3e 100644
--- a/src/observe.js
+++ b/src/observe.js
@@ -37,15 +37,16 @@
 var hasObserve = detectObjectObserve();
- var hasEval = false;
- try {
- if ('securityPolicy' in document) {
- hasEval = document.securityPolicy.allowsEval === true;
- } else {
+ // don't test for eval if document has CSP securityPolicy object and we can see that
+ // eval is not supported. This avoids an error message in console even when the exception
+ // is caught
+ var hasEval = ! ('securityPolicy' in document) || document.securityPolicy.allowsEval;
+ if (hasEval) {
+ try {
 var f = new Function('', 'return true;');
 hasEval = f();
+ } catch (ex) {
 }
- } catch (ex) { }
 function isIndex(s) {
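Review bot: The empty `catch (ex) {` after the `new Function` probe no longer fails closed: `hasEval` now starts out truthy whenever `document.securityPolicy` is absent, so if the probe throws under a CSP that forbids eval, the flag stays true and any later code gated on it would presumably take the eval path anyway. Assigning `hasEval = false;` inside the catch restores the old result. The `'securityPolicy' in document` test also moved out of the `try`, so a host with no `document` global now raises an uncaught ReferenceError where the old code caught it; a `typeof document !== 'undefined' &&` guard in front of it would cover that, and keeping `=== true` on `allowsEval` keeps the flag boolean. As rendered here the new side opens `if (hasEval) {` and `try {` but shows only one closing `}` after the catch, so the brace balance is worth checking; the enclosing scope starts and ends outside the hunk.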