When adding a datatable thru the IDE to a project, the following code is added to the index.html:
NSB.bs.addProperties(ChoiceDataTable, 'DataTable_bs4');
ChoiceDataTable.settings={
data: data,
info: false,
lengthChange: true,
lengthMenu: [5, 10, 25],
ordering: true,
paging: true,
scrollY: '200px',
scrollCollapse: true,
searching: true,
columns: columns
}
setTimeout('ChoiceDataTable.build()',500);
The final statement has an eval in it, plus it is not an anonymous function call. Both of these issues if you are specifying CSP require the script-src of ‘unsafe-eval’.
Unsafe-eval is highly recommended to be avoided at all costs. It is a major security risk. If unsafe-eval is specified, most of the benefits of CSP are nullified. It’s titled unsafe for a reason.
My suggestion: change this settimeout calls to be anonymous function calls.