We should support modern browser security features. For a start, we should support Content Security Policies (CSP) that disallow inline JavaScript. Currently, there's a bunch of stuff that probably won't work unless you include the unsafe-inline keyword, which is not recommended.
We can do this by either moving all the scripts to external files or supporting a nonce or hash.
We should support modern browser security features. For a start, we should support Content Security Policies (CSP) that disallow inline JavaScript. Currently, there's a bunch of stuff that probably won't work unless you include the unsafe-inline keyword, which is not recommended.
We can do this by either moving all the scripts to external files or supporting a nonce or hash.