Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Resolves #167 in providing a fully CSP compatible build of ES module shims that supports using nonces for all executions.
One big issue here is that all Wasm execution requires CSP
unsafe-eval
(which is very unfortunate). The approach taken was to reinstate the JS build of es-module-lexer, which has comparable runtime performance, but with a slower cold start due to the extra work required of the V8 compiler.nonce
initialization option.<script type="esms-options">
tag with inline JSON for configuration, avoiding the need for inline script (ie another nonce).While there is a definite performance penalty for this approach, it shouldn't turn out to be noticeable for applications that are willing to take that hit in order to rather have the CSP security. By having two builds, users have the option of deciding which is best, and the features supported are equivalent between both builds.