This repository was archived by the owner on Nov 7, 2019. It is now read-only.
This repository was archived by the owner on Nov 7, 2019. It is now read-only.
Inline JavaScript/CSS should not be used #11
{{ message }}
To properly implement the
Content-Security-Policyheader, we should remove any inline JavaScript and CSS (includingstyleattributes) as they are far more likely to be injected by a malicious user than an external script file or stylesheet is.