Scripts injected via `new Function()` are not allowed with `strict-dynamic` without `unsafe-eval`.