[fix] Obfuscate ActiveXObject occurrences (#509)

Some corporate firewalls/proxies such as Blue Coat prevent JavaScript
files from being downloaded if they contain the word "ActiveX".

Author: lpinca

lib/xmlhttprequest.js

@@ -1,8 +1,5 @@
 // browser shim for xmlhttprequest module
 
-// Indicate to eslint that ActiveXObject is global
-/* global ActiveXObject */
-
 var hasCORS = require('has-cors');
 
 module.exports = function (opts) {
@@ -34,7 +31,7 @@ module.exports = function (opts) {
 
   if (!xdomain) {
     try {
-      return new ActiveXObject('Microsoft.XMLHTTP');
+      return new global[['Active'].concat('Object').join('X')]('Microsoft.XMLHTTP');
     } catch (e) { }
   }
 };