| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | <code>eval</code> may sometimes be allowed when it is used carefully to patch Firefox functions with local code.
|- style="vertical-align: top;"
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Using <code>setTimeout()</code>, <code>setInterval()</code>, or properties like <code>onclick</code> to evaluate JS code.
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Add note
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | <code>setTimeout</code> and <code>setInterval</code> may be used with hardcoded JS strings, but using closures is preferred. Only reject if it looks like remote code is being evaluated.
|- style="vertical-align: top;"
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Remote script injection.