AJV schema validation functions should be pre-compiled to avoid unsafe-eval CSP requirement

[hrobertson]

Describe the Bug
Compiling the AJV schema validation functions at runtime uses new new Function which requires the CSP script-src to include 'unsafe-eval'.

Instead, the schema validation functions should be pre-compiled.

Steps to Reproduce

1. Use the cloudevents/sdk-javascript library in a site with a CSP with script-src not including 'unsafe-eval'
2. Use new CloudEvent(...)
3. Observe CSP error

Expected Behavior
The library should be able to be used successfully without including 'unsafe-eval' in your CSP.

Additional context
See https://github.com/ajv-validator/ajv/blob/master/docs/security.md#content-security-policy

[lance]

@hrobertson thanks for reporting this.

See also: https://github.com/ajv-validator/ajv/blob/master/docs/standalone.md

[github-actions]

This issue is stale because it has been open 30 days with no activity.

[lance]

I have been working on this, but am awaiting some response from the ajv team ajv-validator/ajv#1837

[github-actions]

This issue is stale because it has been open 30 days with no activity.

[github-actions]

This issue is stale because it has been open 30 days with no activity.