Content Security Policy (CSP) and DWR


We need to abide to the strict CSP requirements in our application, but there are a couple of places, particularly in engine.js, where eval() and Function are being used, and we were not able to find a replacement.
For instance, consider this piece of code taken from here :

  /** @private Utility to execute incoming scripts */
  dwr.engine._executeScript = function(script) {
    if (script == null) {
      return null;
    if (script === "") {
      dwr.engine._debug("Warning: blank script", true);
      return null;
    // Using Function instead of eval as the latter has memory problems on IE9
    (new Function("dwr", script))(dwr);

How do we get around it without using Function or eval() ?