Updating index.js to patch the TT violation using the Function workaround Change-Id: I857bf52804157c537cd1eabe5091c6929983e55d
diff --git a/index.js b/index.js
index 253d574..ed5bb1d 100644
--- a/index.js
+++ b/index.js
@@ -5,17 +5,42 @@
 var isFnRegex = /^\s*(?:function)?\*/;
 var hasToStringTag = require('has-tostringtag/shams')();
 var getProto = Object.getPrototypeOf;
+
+class TrustedFunction {
+ static policy = trustedTypes.createPolicy('TrustedFunctionWorkaround', {
+ createScript: (_, ...args) => {
+ args.forEach( (arg) => {
+ if (!trustedTypes.isScript(arg)) {
+ throw new Error("TrustedScripts only, please");
+ }
+ });
+
+ // NOTE: This is insecure without parsing the arguments and body,
+ // Malicious inputs can escape the function body and execute immediately!
+
+ const fnArgs = args.slice(0, -1).join(',');
+ const fnBody = args.pop().toString();
+ const body = `(function anonymous(
+ ${fnArgs}
+ ) {
+ ${fnBody}
+ })`;
+ return body;
+ }
+ });
+
+ constructor(...args) {
+ return (window || self).eval(TrustedFunction.policy.createScript('', ...args));
+ }
+}
+
 var getGeneratorFunc = function () { // eslint-disable-line consistent-return
 if (!hasToStringTag) {
 return false;
 }
 try {
 if (self.trustedTypes && self.trustedTypes.createPolicy) {
- const policy = trustedTypes.createPolicy("myEscapePolicy", {
- createScript: (_ignored) => "return function*() {}",
- });
- const safeScript = policy.createScript("_ignored");
- return Function(safeScript);
+ return TrustedFunction('return function*() {}');
 } else {
 return Function('return function*() {}')();