To support the usage of Boostrap-Flask together with a strict Content Security Policy (CSP), to have a defense in depth against XSS attacks, the following changes have been made:
Remove inline style declarations, use classes instead
Remove inline JS, use HTML + CSS instead
Add support of nonces with JS includes
Add basic usage documentation
If desired I can still add an example and/or test case for this use case.
To support the usage of Boostrap-Flask together with a strict Content Security Policy (CSP), to have a defense in depth against XSS attacks, the following changes have been made:
If desired I can still add an example and/or test case for this use case.