
Running synaptic on a website (browser) that restricts 'unsafe-eval' with CSP

Open adi-darachi opened this issue 5 years ago • 0 comments

I'm using synaptic in a third-party product on the client side (basically our code is being injected into our client's website).

We encountered an issue with a website that uses CSP (Content-Security-Policy) and does not allow 'unsafe-eval'. Eval includes all methods of executing a string through JavaScript code:

  1. eval('var x = 1');
  2. new Function('var x = 1');

It seems that the library is using 'new Function' in a couple of places. After further investigation I realized that this code can be refactored to not use 'new Function' but native code.

I can help fix this issue, I just want to know if there is a "real" reason for using this method rather than actual code.

adi-darachi avatar Jan 07 '20 17:01 adi-darachi
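
The refactor discussed in the issue, as an added example that is not part of the original post and is not synaptic's code: one small weighted-sum-plus-sigmoid unit built once with `new Function` and once as a plain closure, with a fallback for pages whose CSP omits 'unsafe-eval'. All function names, and the `BlockedFunction` stand-in for a CSP-enforcing browser, are hypothetical.

```javascript
// Added example; every name here is hypothetical, none is synaptic's API.

// Codegen path: builds source text and compiles it with new Function.
// On a page whose CSP lacks 'unsafe-eval', the constructor call throws.
function compileWithCodegen(weights, bias, FunctionCtor = Function) {
  const terms = weights.map((w, i) => `${w} * x[${i}]`).join(' + ');
  const body = `var s = ${terms} + ${bias}; return 1 / (1 + Math.exp(-s));`;
  return new FunctionCtor('x', body);
}

// Closure path: the same arithmetic as ordinary code. Nothing is compiled
// from a string, so the CSP eval restriction never applies.
function compileWithClosure(weights, bias) {
  return function activate(x) {
    let s = bias;
    for (let i = 0; i < weights.length; i++) s += weights[i] * x[i];
    return 1 / (1 + Math.exp(-s));
  };
}

// Try codegen first; if string compilation is refused, use the closure.
function compile(weights, bias, FunctionCtor = Function) {
  try {
    return { fn: compileWithCodegen(weights, bias, FunctionCtor), mode: 'codegen' };
  } catch (err) {
    return { fn: compileWithClosure(weights, bias), mode: 'closure' };
  }
}

// Constructed stand-in for a browser enforcing a CSP without 'unsafe-eval',
// so the fallback can be exercised outside a browser.
function BlockedFunction() {
  throw new EvalError("string evaluation blocked: 'unsafe-eval' is not allowed");
}

function demo() {
  const input = [1, 2]; // constructed sample input
  const allowed = compile([0.5, -0.5], 0.1);
  const blocked = compile([0.5, -0.5], 0.1, BlockedFunction);
  return {
    allowedMode: allowed.mode,
    blockedMode: blocked.mode,
    allowedOut: allowed.fn(input),
    blockedOut: blocked.fn(input),
  };
}
```
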