Content Security Policy #55
Description
When enabling Content Security Policy on the webserver that serves epubjs-reader, unsafe-inline has to be enabled as epubjs-reader is including some js and some css in the html.
Do you think it could be possible to remove this requirement, hence making epubjs-reader mose secure and reliable?
unsafe-inline and unsafe-eval are obviously a bad habits and they could be easily avoided by moving css and js code un css and js files.
More informations on demande if you need some.