I was looking over OpenAI's blog[^1] and decided to inspect the HTML just now. I noticed that in the logged issues that OpenAI has unsafe-eval in their Content Security Policy (CSP). Why is this even allowed in modern websites when this leaves the site vulnerable?
[^1]: https://openai.com/blog