Replace unsafe eval with import

[MisterGoodcat]

trafficstars

Currently, the required JavaScript is loaded using eval (code). This prevents using the library in applications that apply strict CSPs:

Would you consider switching to JavaScript isolation, where it's possible to use import instead (docs)? This might mean drop support for anything < .NET 5 though.

[jsakamoto]

Thanks for reporting!

Yes, I know this problem well, so of course, I'm considering it since when .NET 5 was a preview.

But nobody feeds back to me about this problem until this issue, so I don't start to resolve this problem yet.

Today, you made me notice that problem again, so that I will resolve this issue.

This might mean drop support for anything < .NET 5 though.

Yes, I know. But don't worry, I have an idea for keep compatibility for .NET Core 3.x. I'll try it.

[jsakamoto]

@MisterGoodcat

I released the new version that improved about this issue as a preview release.

• https://www.nuget.org/packages/Toolbelt.Blazor.HotKeys/11.0.0-preview.1

Please try it out if you want.

[MisterGoodcat]

Thank you for the fast reply and action, very much appreciated! I'm going to test this out asap and report back.

[MisterGoodcat]

I took a few minutes to test out the preview and can confirm that even with the most restrictive CSP (only 'self') the script is loaded correctly. Nice approach with the preprocessor branch to keep compatibility with older versions!

Thanks again for your support, that's really great!

[jsakamoto]

Thank you for doing tests and reporting!

So I'm going to make this version an official version after the number of downloads of this preview version reaches some in a few days.