The embeddable widget was failing to load on Safari 17+ with no visible error.
What happened
Safari 17 introduced stricter Content Security Policy enforcement for third-party scripts loaded via <script> tags. Our widget was using eval() internally for template rendering (in the form of the Function constructor shown below), which Safari now blocks by default.
The fix
Replaced eval() with a template literal approach:
// Before (blocked by Safari)
const render = new Function('data', template);

// After (CSP-compliant)
const render = (data) => template.replace(
  /\{\{(\w+)\}\}/g,
  (_, key) => data[key] ?? ''
);

The widget now loads correctly on all browsers, including Safari 17+ with strict CSP.
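A hardened variant of the {{key}} substitution above, as an added example that is not the widget's own code. It assumes the rendered string is inserted into the page as HTML; the names renderTemplate and escapeHtml are hypothetical. It resolves only own properties of the data object and HTML-escapes every substituted value.

```javascript
// Added example: CSP-compliant {{key}} renderer with two extra checks.
// Assumption: the output is written into the DOM as HTML, so values are escaped.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

function renderTemplate(template, data) {
  return template.replace(/\{\{(\w+)\}\}/g, (_, key) => {
    // Own properties only: with a bare data[key], placeholders such as
    // {{constructor}} or {{__proto__}} resolve through Object.prototype
    // and print "function Object() { ... }" or "[object Object]".
    if (!Object.prototype.hasOwnProperty.call(data, key)) return '';
    const value = data[key];
    // Keep 0 and false, drop only null and undefined.
    return value == null ? '' : escapeHtml(value);
  });
}

// Constructed sample input.
const sampleTemplate = '<p title="{{title}}">Hello {{name}}{{constructor}}</p>';
const sampleData = { name: 'Tom & <b>Jerry</b>', title: 'a"b' };

function renderSample() {
  return renderTemplate(sampleTemplate, sampleData);
}

console.log(renderSample());
```

No code is generated from strings at any point, so the renderer needs no 'unsafe-eval' in the host page's policy.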