Description
Motivation
wasm-bindgen and its associated crates (js_sys, web_sys, etc.) should be compatible with normal CSP configurations, i.e. ones that don't whitelist unsafe-eval or unsafe-inline. Right now, it is too easy to accidentally make a wasm-bindgen-based crate incompatible with good CSP practices. Further, it is hard to audit the internal implementation of wasm-bindgen and its associated crates for CSP problems. See #1641 for example.
Proposed Solution
Create an unsafe-eval Cargo feature that controls access to the Function constructor, eval, and other features that result in JS that would require unsafe-eval. The feature shouldn't be marked as a default feature so that one can easily audit a depending crate's Cargo.toml to see if these features are in use. Instead, bump to the next incompatible version number since this is not a backward-compatible change. Test in CI the default configuration and the configuration with the unsafe-eval feature enabled. Change the implementation of as many APIs as possible to work in the default (non-unsafe-eval) configuration, e.g. web_sys::window(). This may require such APIs to be redesigned.