enhancement: support window.eval() in Dev build browser

[happybeing]

SAFE Browser lacks support for window.eval(), I think because it introduces security risks.

It is though a useful feature when debugging, because more efficient, more developer friendly source maps make use of it, including the default applications built by frameworks such as React.

For example, debugging an app created using create-react-app which supported not reloading with webpack eval-source-map works fine in other browsers but fails to run with SAFE Browser. I was able to fix this, but to do so had to npm run eject in order to change the config to use a different source map ('cheap-module-source-map’) which is an irreversible process, and gives much poorer source level debugging.

So I propose adding support for window.eval() in the Dev build browser, but with a suitable warning in the console the first time it is called, to reduce the chances of someone using it in their producing build.

There's a post about the issue in the Dev forum here

[joshuef]

Aye this seems reasonable.

The ideal would be only for localhost sites, IMO. Just giving us a bit more security in case a dev is using the browser for normal browsing too.

so if mock && localhost should be fine. I don't see any obvious issues with that.

[happybeing]

Does it make sense for that to be the default, but to have a way to do this with the live network for that nasty once in a while bug that either only shows when live or is just easier to handle that way?

[safesurfer]

QA verified, I'm able to run eval() and it is allowed in mock, and I can see the error message Sorry, peruse does not support window.eval(). only on production.

[happybeing]

@joshuef Did this make it into v0.13?