js_sys::global uses eval, and is not compatible with strict CSP #1641

Closed
@mitchchn

js_sys::global uses the Function constructor to get a handle to the global object:
https://docs.rs/js-sys/0.3.24/src/js_sys/lib.rs.html#4420.

This is a type of eval and is disallowed by strict content security policies that exclude script-src 'self' 'unsafe-eval', even if they would otherwise permit WASM:

[Screenshot: Screen Shot 2019-07-02 at 11 08 27 AM]

This behaviour causes unpredictable runtime exceptions, since several important APIs in the web_sys and js_sys ecosystem go through the global object.

Alternatives to the Function constructor

  • globalThis is the (very!) modern answer to get a handle to the global object in all JS environments. MDN recommends globalThis as the replacement for the Function constructor approach. Its browser requirements are demanding, however.
  • The same article recommends a series of runtime checks for the existence of well-known global objects, which is the approach used by es6-shim.
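
The two alternatives listed above, combined into one lookup and set beside the Function constructor approach, as an added example (not part of the original issue and not js-sys or es6-shim code). The names `PROBES`, `locateGlobal` and `locateGlobalViaFunction` are hypothetical.

```javascript
// Added example: find the global object without string-to-code evaluation,
// so the lookup keeps working when script-src does not allow 'unsafe-eval'.
// PROBES, locateGlobal and locateGlobalViaFunction are hypothetical names.

// Each probe guards with `typeof`, so a missing binding yields undefined
// instead of throwing a ReferenceError.
const PROBES = [
  ['globalThis', () => (typeof globalThis !== 'undefined' ? globalThis : undefined)],
  ['self', () => (typeof self !== 'undefined' ? self : undefined)],       // windows and workers
  ['window', () => (typeof window !== 'undefined' ? window : undefined)], // browser main thread
  ['global', () => (typeof global !== 'undefined' ? global : undefined)], // Node.js
];

// Returns { name, object } for the first probe that yields an object.
function locateGlobal(probes = PROBES) {
  for (const [name, probe] of probes) {
    const candidate = probe();
    if (candidate !== null && typeof candidate === 'object') {
      return { name, object: candidate };
    }
  }
  throw new Error('unable to locate global object');
}

// The approach the issue describes. The Function constructor compiles a
// string, which a policy without 'unsafe-eval' rejects by throwing, so the
// failure is reported here instead of surfacing as a runtime exception.
function locateGlobalViaFunction() {
  try {
    return { ok: true, object: new Function('return this')() };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

console.log('feature detection found:', locateGlobal().name);
console.log('Function constructor allowed:', locateGlobalViaFunction().ok);
```
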
