Content Security Policy

[oupala]

When enabling Content Security Policy on the webserver that serves epubjs-reader, unsafe-inline has to be enabled as epubjs-reader is including some js and some css in the html.

Do you think it could be possible to remove this requirement, hence making epubjs-reader mose secure and reliable?

unsafe-inline and unsafe-eval are obviously a bad habits and they could be easily avoided by moving css and js code un css and js files.

More informations on demande if you need some.