#204 Latest Release Breaks CSP Rules

open
nobody
None
2017-03-10
2017-03-10
Anonymous
No

Originally created by: tylerFowler

The latest release distribution has this line:

var __cov_LJ6y9QsEYJy7cg83eFQGGg = Function('return this')();

Along with a bunch of paths to someone's local Windows machine. I assume that it was simply introduced by mistake, but when you combine this line with sensible CSP rules, browsers will complain that script-src: 'unsafe-eval' needs to be enabled.
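
Added example (not part of the original report or the project's own code): a release-gate check, run over the text of a built distribution file, that flags string-to-code constructs a CSP without 'unsafe-eval' blocks, together with the `__cov_` variables and local Windows paths the report mentions. The rule ids, `scanBundle`, `requiresUnsafeEval` and the second and third lines of the sample bundle are assumptions constructed for illustration; matching is a text heuristic, not a parser.

```javascript
// Added example: heuristic release gate for a built bundle (text matching, not a parser).
// Rule ids and function names are illustrative assumptions.
const RULES = [
  // String-to-code sinks that a CSP without 'unsafe-eval' blocks.
  { id: 'function-constructor', evalSink: true, re: /(?<![\w$])Function\s*\(/g },
  { id: 'eval-call', evalSink: true, re: /(?<![\w$])eval\s*\(/g },
  { id: 'string-timer', evalSink: true, re: /\bset(?:Timeout|Interval)\s*\(\s*['"`]/g },
  // Build leftovers named in the report: __cov_ variables and local Windows paths.
  { id: 'coverage-variable', evalSink: false, re: /(?<![\w$])__cov_[\w$]+/g },
  { id: 'windows-path', evalSink: false, re: /\b[A-Za-z]:\\{1,2}[\w$.-]+/g },
];

// Return one finding per match, with a 1-based line number for the release log.
function scanBundle(source) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, i) => {
    for (const { id, evalSink, re } of RULES) {
      for (const m of text.matchAll(re)) {
        findings.push({ line: i + 1, rule: id, evalSink, match: m[0] });
      }
    }
  });
  return findings;
}

// True when at least one finding would force script-src 'unsafe-eval'.
function requiresUnsafeEval(findings) {
  return findings.some((f) => f.evalSink);
}

// Sample bundle: line 1 is the line quoted in the report; lines 2-3 are constructed.
const SAMPLE_DIST = [
  "var __cov_LJ6y9QsEYJy7cg83eFQGGg = Function('return this')();",
  "__cov_LJ6y9QsEYJy7cg83eFQGGg['C:\\\\Users\\\\dev\\\\project\\\\src\\\\index.js'] = {};",
  "function render(el) { el.textContent = 'ok'; }",
].join('\n');

const sampleFindings = scanBundle(SAMPLE_DIST);
for (const f of sampleFindings) {
  console.log(`line ${f.line}: ${f.rule} (${f.match})`);
}
console.log(requiresUnsafeEval(sampleFindings) ? 'FAIL: needs unsafe-eval' : 'OK');
```
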
