Yes, Banshee requires 'unsafe-inline' and 'unsafe-eval'. But although it's called 'unsafe', Banshee is not. Not every usage of inline links and scripts is unsafe, so I don't agree with calling those settings 'unsafe-*'. It gives a false idea about what's going on.