unsafe-eval ➔ unsafe-inline bypass on page load via MathJax config

This page uses the following Content-Security-Policy:

    default-src 'none';
    script-src 'unsafe-eval' https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.2/;
    style-src 'unsafe-inline';
    font-src https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.2/fonts/;
    img-src 'self'

This is just math:

$$ \pi_3(S^2)\cong \mathbb{Z} $$

This is a script block eval'd by MathJax when the page loads (check the source code):

This is a regular script block prevented from executing by the CSP (check the JS console for the error):