From 3408d4ad780d1282e085666a4e2c733283c62d8d Mon Sep 17 00:00:00 2001
From: Jakub Vrana <jakub@vrana.cz>
Date: Tue, 9 Jan 2018 18:16:02 +0100
Subject: [PATCH] Use JSON.parse if available

---
 adminer/include/design.inc.php | 2 +-
 adminer/static/functions.js    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/adminer/include/design.inc.php b/adminer/include/design.inc.php
index 48212fc6..b646d0c7 100644
--- a/adminer/include/design.inc.php
+++ b/adminer/include/design.inc.php
@@ -91,7 +91,7 @@ function page_headers() {
 	header("X-XSS-Protection: 0"); // prevents introducing XSS in IE8 by removing safe parts of the page
 	header("X-Content-Type-Options: nosniff");
 	header("Referrer-Policy: origin-when-cross-origin");
-	header("Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self'; frame-src https://www.adminer.org; form-action 'self'");
+	header("Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self'; frame-src https://www.adminer.org; form-action 'self'");
 	$adminer->headers();
 }
 
diff --git a/adminer/static/functions.js b/adminer/static/functions.js
index 15341dd1..582979c2 100644
--- a/adminer/static/functions.js
+++ b/adminer/static/functions.js
@@ -565,7 +565,7 @@ function ajax(url, callback, data, message) {
 */
 function ajaxSetHtml(url) {
 	return ajax(url, function (request) {
-		var data = eval('(' + request.responseText + ')');
+		var data = window.JSON ? JSON.parse(request.responseText) : eval('(' + request.responseText + ')');
 		for (var key in data) {
 			setHtml(key, data[key]);
 		}