Add another tweak for handling CSP - we need to make sure that we don't trigger any eval on load (not sure if it's the best tweak, definitely not ideal). Add a test page as well so that it's easier to catch problem.

test/csp.php

@@ -0,0 +1,30 @@
+<?php header("X-Content-Security-Policy-Report-Only: allow *"); ?>
+<!DOCTYPE html>
+<html>
+<head>
+  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+	<title>CSP Test Page</title>
+
+  <script src="../src/core.js"></script>
+  <script src="../src/support.js"></script>
+  <script src="../src/data.js"></script>
+  <script src="../src/queue.js"></script>
+  <script src="../src/attributes.js"></script>
+  <script src="../src/event.js"></script>
+  <script src="../src/sizzle/sizzle.js"></script>
+  <script src="../src/sizzle-jquery.js"></script>
+  <script src="../src/traversing.js"></script>
+  <script src="../src/manipulation.js"></script>
+  <script src="../src/css.js"></script>
+  <script src="../src/ajax.js"></script>
+  <script src="../src/ajax/jsonp.js"></script>
+  <script src="../src/ajax/script.js"></script>
+  <script src="../src/ajax/xhr.js"></script>
+  <script src="../src/effects.js"></script>
+  <script src="../src/offset.js"></script>
+  <script src="../src/dimensions.js"></script>
+</head>
+<body>
+	<p>CSP Test Page</p>
+</body>
+</html>