AmauriC / tarteaucitron.js

RGPD friendly cookie manager
https://tarteaucitron.io/
MIT License

Outstanding Content-Security-Policy errors triggering unsafe-inline #1236

Closed ghalse closed 4 months ago

ghalse commented 4 months ago

Two previous issues (#463 & #477) went a long way to making tarteaucitron play nicely with Content-Security-Policy headers. However, there are still two places where inline styles are used, triggering a CSP error unless style-src 'unsafe-inline' is specified.

I'm not confident enough in the code to submit this as a PR, but the problems are as follows.

The first is on line 531:

html += '       <button type="button" class="tarteaucitronDeny" style="visibility:hidden" tabindex="-1">';

I think that fixing this might require some new CSS / another class. I see there's a tarteaucitronHidden already, but it doesn't do quite the same thing.

The second is on line 639:

html += '<div id="tarteaucitronIcon" class="tarteaucitronIcon' + tarteaucitron.parameters.iconPosition + '" style="display: block">';

It seems the "display: block" here overrides the "display: none" in the CSS:

#tarteaucitronIcon {
    background: transparent;
    position: fixed;
    display: none;
    width: auto;
    z-index: 2147483646;
}

And in my tests, simply removing the "display: none" seems to fix it.
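As an added example (not tarteaucitron's own code), the two fragments quoted above are rebuilt with the presentation moved into stylesheet classes, next to a small scanner that lists every `style="..."` attribute in generated markup, which is the check to run on the output of a cookie banner before dropping `'unsafe-inline'` from `style-src`. The class name `tarteaucitronInvisible`, the `iconPosition` argument standing in for `tarteaucitron.parameters.iconPosition`, and the companion CSS are assumptions for the example.

```javascript
// Added example, not code from the tarteaucitron project.
// Hypothetical names: tarteaucitronInvisible, the iconPosition parameter.

// The two fragments as quoted in the issue: inline style attributes that a
// CSP with style-src but without 'unsafe-inline' refuses to apply.
function buildWithInlineStyles(iconPosition) {
  let html = '';
  html += '<button type="button" class="tarteaucitronDeny" style="visibility:hidden" tabindex="-1">';
  html += '<div id="tarteaucitronIcon" class="tarteaucitronIcon' + iconPosition + '" style="display: block">';
  return html;
}

// Same markup with no style attributes: hiding the deny button becomes a
// class, and the icon relies on the stylesheet alone (so "display: none"
// would have to go from #tarteaucitronIcon, as the issue observes).
function buildWithClasses(iconPosition) {
  let html = '';
  html += '<button type="button" class="tarteaucitronDeny tarteaucitronInvisible" tabindex="-1">';
  html += '<div id="tarteaucitronIcon" class="tarteaucitronIcon' + iconPosition + '">';
  return html;
}

// Companion stylesheet rule for the hypothetical class (constructed).
const companionCss = '.tarteaucitronInvisible { visibility: hidden; }';

// Returns the value of every style="..." attribute found in an HTML string,
// i.e. each declaration that would need style-src 'unsafe-inline'.
function findInlineStyles(html) {
  const re = /\sstyle\s*=\s*"([^"]*)"/gi;
  const found = [];
  let m;
  while ((m = re.exec(html)) !== null) {
    found.push(m[1]);
  }
  return found;
}

// Stand-alone run: compare both variants for one icon position.
function demo() {
  const before = findInlineStyles(buildWithInlineStyles('BottomRight'));
  const after = findInlineStyles(buildWithClasses('BottomRight'));
  console.log('inline styles before:', before);  // two declarations
  console.log('inline styles after:', after);    // none
  return { before, after, companionCss };
}
demo();
```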