Clicking doesn't do anything - the following is also shown in the code:
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-9WgeUf4xpiU3Vl8Qq+DlE3iqqq+sOu4fmB1iIxVU9ps='), or a nonce ('nonce-...') is required to enable inline execution.
Clicking doesn't do anything - the following is also shown in the code: