Scripts injected via `new Function()` are allowed with `strict-dynamic` with `unsafe-eval`.