Remove unsafe-inline styles ("styles attributes")
mweinelt opened this issue · comments
Martin Weinelt commented
We're on a really good way, safety-wise! https://observatory.mozilla.org/analyze.html?host=firmware.darmstadt.freifunk.net
One more nitpick for now as follows:
Your current CSP policy allows the use of 'unsafe-inline' inside of style-src. Moving style attributes into external stylesheets not only makes you safer, but also makes your code easier to maintain.
codedust commented
We're on a really good way, safety-wise!
Nope. We're using JavaScript.