From e4ffed19257675190702b82cc6835b52d9898da5 Mon Sep 17 00:00:00 2001
From: Renato Mangini <mangini@gmail.com>
Date: Tue, 3 Sep 2013 16:42:17 -0700
Subject: [PATCH] Changed hasEval test to avoid console error if browser
 supports securityPolicy. If securityPolicy is not supported, use the previous
 try/catch procedure. CSP errors are always sent to console, even when they
 get caught in a try/catch block.

---
 src/observe.js | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/observe.js b/src/observe.js
index b2de593..fd4d2d1 100644
--- a/src/observe.js
+++ b/src/observe.js
@@ -39,8 +39,12 @@
 
   var hasEval = false;
   try {
-    var f = new Function('', 'return true;');
-    hasEval = f();
+    if ('securityPolicy' in document) {
+      hasEval = document.securityPolicy.allowsEval === true;
+    } else {
+      var f = new Function('', 'return true;');
+      hasEval = f();
+    }
   } catch (ex) {
   }