eval() should not run without 'unsafe-eval' script-src directive.