Dimitris Grammatikogiannis

The code for the debug css is here: https://github.com/joomla/joomla-cms/blob/45adb61f8306b945f43b4326305fafe87c154aa2/plugins/system/debug/src/JavascriptRenderer.php#L63 For the JS is here: https://github.com/joomla/joomla-cms/blob/45adb61f8306b945f43b4326305fafe87c154aa2/plugins/system/debug/src/JavascriptRenderer.php#L71 Also just reviewing the code the nonce attribute needs to be applied for each stylesheet/script,...

> Also, I don't agree with adding the nonce attribute to the inline style. Because according to this [document](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src), the code inside the elements are also blocked. You misunderstood what...

CSP has different levels. The strict level is the one that does not allow inline css (attribute style). I'm not sure how I can explain this better as the CSP...

@sinahaghparast the debugbar injects the assets at the end of the body (although the class says head) so maybe instead of `head` should say `debugbar` or just `debug`?

@brianteeman allow PRs in your cloned repo so I can sent you the code

> If we want to "fork", we should do it from source: @Fedik if someone already has a package for this then why not use it. TS will be pain...

> No, no TS, compile then add. That means we need a repo for these plugins. Not a bad idea but: - I don't have permissions to do that -...

Ah yeah the good ol' days... We can revert all those confusing NPM build steps and have the code version directly in the repo, what could go [wrong](https://nvd.nist.gov/vuln/detail/CVE-2024-3094)

@brianteeman you have a typo in the filename: `build/media_source/plg_editors_tinymce/js/plugins/paste_from_word/plugin.es6.js` `es6` not `e6`

What is `2024-6` ?