Description
What problem does this feature solve?
Using inline-templates when CSP is enabled is currently impossible due to new Function() being used in the compiler in the full build.
In all posts that I could find regarding this issue, the runtime-only build is suggested. However, when you are working on a project where you cannot move all templates to render functions, or precompile to render functions, this is not possible.
To us, inline-templates are a very important part of the "progressive framework" idea. This allows us to utilize the full power of Vue while not forcing a refactor upon our entire backend to use APIs when we want to upgrade Vue to v2 (even though they ideally should).
For Vue 1.28 there is a specific csp branch which utilises notevil. I want to do the same for Vue 2.6.
I will try to provide a working fork, although I could use some help on this (it's my first time working with the Vue source code).
What does the proposed API look like?
1 branch, v2.6.x-csp, will be made where new Function() will be replaced by notevil.Function() to safely eval expressions.
Just like v1.28-csp, notevil will be included in the codebase.
Currently I have found new Function() in src/compiler/to-function.js:15 38 and src/compiler/no-error.js:86 95 which have to be refactored to notevil.Function() calls.
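The failure this request describes can be reproduced outside a browser. The following is an added example, not code from the issue or from Vue: it uses Node's `vm` contexts with `codeGeneration.strings` switched off as a stand-in for a page whose CSP omits `'unsafe-eval'`, and the compiler stub and all function names are constructed for illustration.

```javascript
const vm = require("vm");

// Constructed stand-in for a runtime template compiler: it turns an
// expression string into a function with new Function(), which is the
// call a CSP without 'unsafe-eval' refuses.
const RUNTIME_COMPILE = `
  (function (expr) {
    return new Function("scope", "with (scope) { return " + expr + " }");
  })
`;

// Assumption: a vm context with codeGeneration.strings=false models a page
// served without 'unsafe-eval'; strings=true models a page that allows it.
function makePage(allowUnsafeEval) {
  return vm.createContext({}, {
    codeGeneration: { strings: allowUnsafeEval, wasm: false },
  });
}

// Compile the expression at run time inside the page and evaluate it.
// Errors come from the context's own realm, so report err.name rather
// than relying on instanceof.
function renderWithRuntimeCompiler(page, expr, scope) {
  try {
    const compile = vm.runInContext(RUNTIME_COMPILE, page);
    return { ok: true, value: compile(expr)(scope) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// A precompiled render function is delivered as ordinary script, so no
// string is turned into code at run time and the policy does not apply.
function renderPrecompiled(page, scope) {
  const render = vm.runInContext(
    "(function (scope) { return scope.greeting + ', ' + scope.name; })",
    page
  );
  return render(scope);
}
```

The same split appears in a browser: the string-compiling path raises `EvalError` under the restrictive policy, while the precompiled function keeps working.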