js-base64: eval being blocked by content-security policy

After upgrading to the latest version, we are now getting reports about JavaScript evaluation being blocked by our content-security policy due to the use of eval. It looks like it was introduced as part of https://github.com/dankogai/js-base64/issues/82. Any chance there is an alternative solution to that problem that wouldn't trigger policy exceptions like this?

About this issue

  • State: closed
  • Created 6 years ago
  • Reactions: 6
  • Comments: 17 (7 by maintainers)

Most upvoted comments

I think the best solution is to split base64.js into two files, one for the browser and one for Node.js. Add a browser field to package.json to let it choose the right version.

  • it will solve eval issue
  • it will decrease file size (no more browser/node checks)
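As an added example (not js-base64's own code and not a patch to it): one way to do both the runtime check and the encoding itself without eval, so that a page served with a script-src policy that lacks 'unsafe-eval' raises no violation. It assumes a Node.js runtime or a modern browser where globalThis, TextEncoder and TextDecoder exist; the function names are mine.

```javascript
// Added example, not js-base64's own code. Assumptions: Node.js (>= 12) or a
// modern browser; globalThis, TextEncoder and TextDecoder are available.
const B64 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';

// Reverse lookup built once; 255 marks a byte that is not in the alphabet.
const B64_REV = new Uint8Array(256).fill(255);
for (let i = 0; i < B64.length; i++) B64_REV[B64.charCodeAt(i)] = i;

// Runtime check without eval: a typeof test is data inspection, not script
// evaluation, so script-src without 'unsafe-eval' does not block it.
function hasNodeBuffer() {
  const g = typeof globalThis !== 'undefined' ? globalThis : {};
  return typeof g.Buffer === 'function' && typeof g.Buffer.from === 'function';
}

// Pure-JS base64 over raw bytes: no eval, no Buffer, runs in any runtime.
function bytesToBase64(bytes) {
  let out = '';
  let i = 0;
  for (; i + 2 < bytes.length; i += 3) {
    const n = (bytes[i] << 16) | (bytes[i + 1] << 8) | bytes[i + 2];
    out += B64[n >> 18] + B64[(n >> 12) & 63] + B64[(n >> 6) & 63] + B64[n & 63];
  }
  const rest = bytes.length - i;
  if (rest === 1) {
    const n = bytes[i] << 16;
    out += B64[n >> 18] + B64[(n >> 12) & 63] + '==';
  } else if (rest === 2) {
    const n = (bytes[i] << 16) | (bytes[i + 1] << 8);
    out += B64[n >> 18] + B64[(n >> 12) & 63] + B64[(n >> 6) & 63] + '=';
  }
  return out;
}

// Strict decoder: strips whitespace and trailing padding, rejects characters
// outside the alphabet and lengths that cannot come from a valid encoding.
function base64ToBytes(str) {
  const s = str.replace(/\s+/g, '').replace(/=+$/, '');
  if (s.length % 4 === 1) throw new Error('invalid base64 length');
  const out = new Uint8Array(Math.floor((s.length * 3) / 4));
  let acc = 0, bits = 0, j = 0;
  for (let i = 0; i < s.length; i++) {
    const code = s.charCodeAt(i);
    const v = code < 256 ? B64_REV[code] : 255;
    if (v === 255) throw new Error('invalid base64 character at index ' + i);
    acc = ((acc << 6) | v) & 0xffff; // at most 14 live bits are ever needed
    bits += 6;
    if (bits >= 8) {
      bits -= 8;
      out[j++] = (acc >> bits) & 255;
    }
  }
  return out;
}

// UTF-8 aware string helpers on the pure path.
function encodePure(str) {
  return bytesToBase64(new TextEncoder().encode(str));
}
function decodePure(b64) {
  return new TextDecoder().decode(base64ToBytes(b64));
}

// Dispatchers: use Buffer where the typeof check finds it, pure JS elsewhere.
function encode(str) {
  return hasNodeBuffer()
    ? globalThis.Buffer.from(str, 'utf8').toString('base64')
    : encodePure(str);
}
function decode(b64) {
  return hasNodeBuffer()
    ? globalThis.Buffer.from(b64, 'base64').toString('utf8')
    : decodePure(b64);
}
```

The typeof test costs nothing and produces no CSP report; the pure path needs no Buffer at all, which is what a browser-only build chosen through a package.json browser field would ship. Note that the pure decoder is stricter than Buffer.from(b64, 'base64'), which silently skips invalid characters.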

—===>>> AMAZING <<<===—

@dankogai We really appreciate your work. This resolves a lot of issues for us; just thought we should recognise all your hard work!

I see this as well. The code works, but I’m hit with CSP reports. It looks like a more robust browser check would fix this.

YOUR LOCAL policy is not enough to justify the change

I certainly wouldn't push too hard to support it just for our policy, but it is worth being aware that all CSPs block eval by default, so it's quite likely that others that have defined a policy will also have eval blocked. It has to be explicitly allowed, so it's unlikely that a team that has gone through the steps of implementing a policy would be willing to allow it for this package.
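A check that follows from this point (added example, not from the thread): before adopting a release, scan the package's shipped JavaScript for the constructs a script-src policy without 'unsafe-eval' blocks. The scanner below is regex-based rather than a parser, so treat its hits as leads to inspect by hand; the sample sources are constructed for the example, not taken from js-base64.

```javascript
// Added example, not from the issue or the library. Assumption: the plain JS
// source text is available (for instance read from node_modules after
// installing the candidate version). Heuristic only, not a JS parser.
const UNSAFE_EVAL_PATTERNS = [
  { kind: 'eval()',        re: /\beval\s*\(/ },
  { kind: 'Function ctor', re: /\bnew\s+Function\s*\(|(^|[^.\w$])Function\s*\(/ },
  // setTimeout/setInterval with a string body are also evaluated as code.
  { kind: 'string timer',  re: /\b(setTimeout|setInterval)\s*\(\s*['"`]/ },
];

// Returns one record per (line, pattern) match: { line, kind, text }.
function findUnsafeEval(source) {
  const hits = [];
  source.split('\n').forEach((line, idx) => {
    for (const { kind, re } of UNSAFE_EVAL_PATTERNS) {
      if (re.test(line)) hits.push({ line: idx + 1, kind, text: line.trim() });
    }
  });
  return hits;
}

// Constructed sample that a CSP without 'unsafe-eval' would reject.
const SAMPLE_WITH_EVAL = [
  "var buffer = typeof Buffer !== 'undefined' ? Buffer : undefined;",
  "// obtain require in a way bundlers do not follow",
  "var _require = eval('require');",
  "var fn = new Function('a', 'return a + 1');",
].join('\n');

// Constructed sample that is CSP-clean: a typeof check, a function whose name
// merely starts with 'eval', and a timer given a function, not a string.
const SAMPLE_CLEAN = [
  "var hasBuffer = typeof Buffer === 'function';",
  "var evaluate = function () {}; evaluate();",
  "setTimeout(evaluate, 0);",
].join('\n');

// Summarise a scan for a CI log; returns the count so callers can fail a build.
function report(name, source) {
  const hits = findUnsafeEval(source);
  for (const h of hits) console.log(`${name}:${h.line} ${h.kind}: ${h.text}`);
  return hits.length;
}

report('sample-with-eval.js', SAMPLE_WITH_EVAL);
report('sample-clean.js', SAMPLE_CLEAN);
```

A non-zero count from report() is a good gate in the dependency-update pipeline: it catches the regression before the CSP violation reports do.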

The problem is that there are too many platforms

I understand that this could be tricky, and I did see that you went through a bunch of options in the other ticket. Unfortunately, I don't understand the problem you were solving there well enough to offer a better option. I mostly wanted to at least raise visibility that the current solution causes issues for us, and likely others that have implemented a CSP, in hopes that there might still be alternatives available.

Currently we've pinned the previous version, but we always hope to stay current with new releases, so happy to test from our side if verifying our context is helpful.