I own version 3.2.2. I like the theme but unfortunately, hs-mega-menu.js has eval() calls in it which our Content-Security-Policy considers unsafe (and most would). Digging into this, it appears that gulpfile in src/assets/vendor/hs-mega-menu is doing the js-build with mode 'development' and that is likely why we have the eval() calls.
After much pain and suffering I was able to rebuild that component with mode 'production' instead; hopefully I haven't broken anything. I think it would be best to update this theme with a safe version of this menu by default.
hs-mega-menu.js uses unsafe eval() -- production version should be available
After much pain and suffering I was able to rebuild that component with mode 'production' instead; hopefully I haven't broken anything. I think it would be best to update this theme with a safe version of this menu by default.