FIXES #713 Remove 'use strict' strings brute force to enable module packaging #1664
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
The current ExcelJS fails with CSP unsafe code evaluation when exceljs is bundled with recent WebPack versions. It appears that the root cause is regenerator-runtime resorting to 'eval':ing the source code whenever it encounters "use strict". This is probably because "use strict" shouldn't be necessary with ES modules (they are strict by default).
I tried various workarounds, such as replacing all "use strict" clauses when babelifying code, having similar replacements with browserify etc. I am almost sure the root cause relates to browserify, e.g. it somehow ends up adding the "use strict" clauses. In absence of a better solution, I thought that brute force removal of "use strict" strings was the only option left, so I added a Grunt task for that. I tried the more popular "grunt-replace" module for this, but unfortunately it failed to process some of the libraries included (because of @@ character somewhere within the code).
I think the long term solution would be to replace the current build system with some other than browserify that would supply the needed polyfills, but I believe such an architectural change would be much bigger undertaking.
Test plan
Steps to repeat:
new CspHtmlWebpackPlugin(cspConfigPolicy, cspOptions)
into plugins arraynpm link
the exceljs module into your projectRelated to source code (for typings update)
N/A