maint(core dom template): Warn about using dom.template due to a CSR probmel.

Warn about a problem of dom.template with a Content-Security-Policy set.
If a CSR rule is set then dom.template would break the code unless
'unsafe-eval' is allowed (which you wouldn't normally allow when using a CSR).
Therefore it is not recommended to use this template function.

Author: thet

src/core/dom.js

@@ -1,5 +1,8 @@
 /* Utilities for DOM traversal or navigation */
 import events from "./events";
+import logging from "./logging";
+
+const logger = logging.getLogger("core dom");
 
 const DATA_PREFIX = "__patternslib__data_prefix__";
 const DATA_STYLE_DISPLAY = "__patternslib__style__display";
@@ -309,6 +312,10 @@ const delete_data = (el, name) => {
 /**
  * Simple template engine, based on JS template literal
  *
+ * NOTE: This uses eval and would break if Content-Security-Policy does not
+ *       allow 'unsafe-eval'.
+ *       Because of this CSR problem the use of this method is not recommended.
+ *
  * Please note: You cannot pass a template literal as template_string.
  * JavaScript itself would try to expand it and would fail.
  *
@@ -323,6 +330,9 @@ const delete_data = (el, name) => {
  * @returns {String} - Returns the a string as template expanded with the template_variables.
  */
 const template = (template_string, template_variables = {}) => {
+    logger.warn(
+        "Using dom.template is not recommended due to a problem with Content-Security-Policy."
+    );
     return new Function("return `" + template_string + "`;").call(template_variables);
 };