In #240 I tried to improve security by adding a Content Security Policy and refactoring the code to avoid unsafe patterns like inline JavaScript.
5bb991066bd8271f50dfaf0361dfea9a548fb405 went in the opposite direction and re-allowed an unsafe feature (eval). I guess that was required for the new dependency on Alpine.js.
I guess this decision can be justified. However, I also know that there are plenty of similar JavaScript frameworks that do not rely on unsafe features. Is it possible to switch to one of those?