Not usable without "unsafe-eval" in script-src

[codegain]

Issue summary

Hi,
I'm using jquery.terminal for quite a while now, but since 2.22.0 it stopped working. I got an CSP error in chrome:

Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'

I narrowed it down to this commit 8b2d6bf and this line added:

jquery.terminal/js/jquery.terminal.js

Line 1215 in 9c28d59

var is_browser = new Function('try {return this===window;}catch(e){return false;}')();

This won't be executed if the CSP doesn't contain unsafe-eval in the script-src CSP.

Steps to reproduce

Set a CSP with script-src 'self' and run the terminal.

Browser and OS

Chrome 88 on Windows 10

[jcubic]

I've found this code snippet on StackOverflow but it seems that the Function constructor, that is in fact eval, is not needed.

This works fine:

var is_browser = (function() { try {return this===window;}catch(e){return false;} })()

Thanks for the bug report.

[jcubic]

The fix is added, it will be published in next bug fix version. I will try in same version fix the prompt issue.