Allow eval() and similar functions that execute strings as code (e.g., new Function(), setTimeout with strings).

This is needed when plugins use legacy JavaScript that dynamically evaluates code strings. Modern plugins should avoid this by using direct function calls or parsed data instead.

Allowing 'unsafe-eval' significantly weakens Content Security Policy protections and should be avoided when possible. It can be exploited by attackers if they control strings passed to eval() or similar functions.