Would it be possible, to make pdfkit usable with a CSP not allowing eval()? As our site handles personal data, all eval() is not allowed to be executed, rendering pdfkit unusable.
We run into the same problem here.
The unsafe evaluation comes from the devongovett/restructure package:
https://github.com/devongovett/restructure/blob/master/src/Pointer.coffee#L11.
The coffee script builds a function from a parametric variable name.
It renders PDFkit unusable with decent CSP settings that do not include 'unsafe-eval'.
see devongovett/restructure#22
Any updates on this?
Now that https://github.com/foliojs/restructure/issues/28 has been fixed and released in 2.0.0, would it be possible to update pdfkit/fontkit to use the new version without the CSP issue?
We'd also be really keen on having this. It's preventing us from having a CSP without unsafe-eval on our sites that use AMCharts (which depends on pdfkit, which in turn depends on this)
Most helpful comment
Now that https://github.com/foliojs/restructure/issues/28 has been fixed and released in 2.0.0, would it be possible to update pdfkit/fontkit to use the new version without the CSP issue?