Refused to execute inline event handler because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.
I'm not sure of the purpose of that onload code and if it's actually needed (removing it from my local copy doesn't appear to have changed much?), but it would be better to do this onload script as an event handler on the image rather than using onload.
This has been resolved in v1.7.10. I believe that code was removing a loading indicator, but at this point I'm not sure. Thanks for bringing it to my attention.
The code at https://github.com/trvswgnr/bs5-lightbox/blob/main/src/index.ts#L137 causes errors in the browser:
I'm not sure of the purpose of that onload code and if it's actually needed (removing it from my local copy doesn't appear to have changed much?), but it would be better to do this onload script as an event handler on the image rather than using onload.