trvswgnr / bs5-lightbox

A pure JS lightbox gallery plugin for Bootstrap 5 based on the Modal and Carousel components
https://trvswgnr.github.io/bs5-lightbox/
MIT License
129 stars, 28 forks

Use of onload= causes CSP warnings if unsafe-inline is not allowed by the content-security-policy. #12

Closed ShaneMcC closed 2 years ago

ShaneMcC commented 2 years ago

The code at https://github.com/trvswgnr/bs5-lightbox/blob/main/src/index.ts#L137 causes errors in the browser:

Refused to execute inline event handler because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.

I'm not sure of the purpose of that onload code and if it's actually needed (removing it from my local copy doesn't appear to have changed much?), but it would be better to do this onload script as an event handler on the image rather than using onload.
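
The constraint described by the pasted error, as an added example that is not part of this issue or of bs5-lightbox: a small model of which CSP source expressions let an inline handler attribute such as `onload="..."` execute (simplified to the rules the error message cites plus 'strict-dynamic'; it ignores report-only policies), a scan for such attributes in served markup, and the `addEventListener` replacement the reporter suggests. `inlineHandlerVerdict`, `findInlineHandlers`, `createImageWithLoadHandler` and the `fakeDocument` stand-in are illustrative names assumed here, not project APIs.

```javascript
// Added example, not bs5-lightbox code. Names below are illustrative.

// Which source list governs inline event-handler attributes: CSP3 consults
// script-src-attr, then script-src, then default-src. null = no restriction.
function governingSources(cspHeader) {
  const directives = new Map();
  for (const part of cspHeader.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length) directives.set(tokens[0].toLowerCase(), tokens.slice(1));
  }
  for (const name of ['script-src-attr', 'script-src', 'default-src']) {
    if (directives.has(name)) return directives.get(name);
  }
  return null;
}

// Verdict for an attribute such as onload="...":
//   'allowed'          - the handler body is executed
//   'blocked'          - refused, producing the console error quoted above
//   'needs-hash-match' - executes only if a listed hash matches the body
function inlineHandlerVerdict(cspHeader) {
  const sources = governingSources(cspHeader);
  if (sources === null) return 'allowed';
  const lower = sources.map((s) => s.toLowerCase());
  const hasNonceOrHash = lower.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
  const hasHash = lower.some((s) => /^'sha(256|384|512)-/.test(s));
  // 'unsafe-inline' is ignored once a nonce, a hash or 'strict-dynamic' appears.
  const unsafeInlineIgnored = hasNonceOrHash || lower.includes("'strict-dynamic'");
  if (lower.includes("'unsafe-inline'") && !unsafeInlineIgnored) return 'allowed';
  // Hashes cover event handlers only together with 'unsafe-hashes'; nonces
  // cannot be attached to an attribute at all.
  if (hasHash && lower.includes("'unsafe-hashes'")) return 'needs-hash-match';
  return 'blocked';
}

// Pre-deployment check: list inline handler attributes in a markup string so
// they can be converted before the policy is tightened.
function findInlineHandlers(html) {
  const found = [];
  const re = /\s(on[a-z]+)\s*=/gi;
  let m;
  while ((m = re.exec(html)) !== null) found.push(m[1].toLowerCase());
  return found;
}

// CSP-friendly replacement: the listener is registered from script that is
// itself allowed by the policy, so nothing inline is evaluated.
function createImageWithLoadHandler(doc, src, onLoaded) {
  const img = doc.createElement('img');
  img.addEventListener('load', () => onLoaded(img), { once: true });
  img.src = src; // assign src after attaching so a cached image cannot fire first
  return img;
}

// Minimal stand-in for a document so the file runs in Node; in a browser
// pass the real `document` instead.
function fakeDocument() {
  return {
    createElement(tag) {
      const listeners = {};
      return {
        tagName: tag.toUpperCase(),
        src: '',
        addEventListener(type, fn) { (listeners[type] = listeners[type] || []).push(fn); },
        dispatchEvent(type) { (listeners[type] || []).forEach((fn) => fn()); },
      };
    },
  };
}

// Demonstration: a loading indicator flag cleared once the image reports 'load'.
function demo() {
  const doc = fakeDocument();
  let loadingShown = true;
  const img = createImageWithLoadHandler(doc, 'https://example.invalid/a.jpg', () => {
    loadingShown = false;
  });
  img.dispatchEvent('load'); // a real browser fires this when the image decodes
  return { loadingShown, src: img.src };
}

module.exports = { inlineHandlerVerdict, findInlineHandlers, createImageWithLoadHandler, fakeDocument, demo };
```

Under the policy in the report, `inlineHandlerVerdict("script-src 'self'")` is 'blocked'; adding 'unsafe-inline' flips it to 'allowed', but that keyword is ignored again as soon as a nonce or hash source is present, which is why a nonce-based policy cannot whitelist an attribute handler and why moving the logic into `addEventListener` is the durable fix.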

ShaneMcC commented 2 years ago

The same line of code also looks to cause an error (#4) if it actually runs - so I suspect it's not needed at all?

trvswgnr commented 2 years ago

This has been resolved in v1.7.10. I believe that code was removing a loading indicator, but at this point I'm not sure. Thanks for bringing it to my attention.