Specifically, the files viewercontrol.js and underscore.min.js. These files contain the code "eval()" and "new Function()", which trigger an "unsafe eval" CSP error.
We would like to keep our project CSP compliant and not need to pass 'unsafe-eval' to the Content Security Policy in order to resolve this error.
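
An added example, not part of the original post or of either library: a Node.js check that runs a script in a V8 context with code generation from strings disabled, the same restriction a browser places on eval() and new Function() under a CSP without 'unsafe-eval'. The function names and sample snippets are constructed for illustration; the "dormantEval" sample shows that a file which merely contains eval() is only blocked when that call actually executes.

```javascript
// Load the vm module whether this file runs as CommonJS or as an ES module.
const vm = typeof require === 'function'
  ? require('node:vm')
  : process.getBuiltinModule('node:vm');

// Run `source` in a fresh V8 context with code generation from strings
// disabled: eval() and the Function constructor throw EvalError there, as
// they do in a browser under a CSP that lacks 'unsafe-eval'.
function checkWithoutUnsafeEval(source) {
  const context = vm.createContext({}, {
    codeGeneration: { strings: false, wasm: false },
  });
  try {
    vm.runInContext(source, context, { timeout: 1000 });
    return { blocked: false, error: null };
  } catch (err) {
    // The error object comes from another realm, so compare by name
    // instead of using instanceof.
    return {
      blocked: err.name === 'EvalError',
      error: `${err.name}: ${err.message}`,
    };
  }
}

// Constructed sample snippets (not taken from viewercontrol.js or
// underscore.min.js).
const SAMPLES = {
  directEval: 'eval("1 + 1");',
  functionConstructor: 'new Function("a", "b", "return a + b")(1, 2);',
  dormantEval: 'function unused() { return eval("1"); } 40 + 2;',
  closureInstead: 'const add = (a, b) => a + b; add(1, 2);',
};

// Map each sample name to true if it would be blocked, false otherwise.
function auditSamples(samples = SAMPLES) {
  const report = {};
  for (const [name, source] of Object.entries(samples)) {
    report[name] = checkWithoutUnsafeEval(source).blocked;
  }
  return report;
}

console.log(auditSamples());
```

Passing a library's own source text to checkWithoutUnsafeEval and then exercising the entry points the project uses shows which calls reach the blocked code paths.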