
Move webpage scripts to separate files to permit secure Content-Security-Policy header

Open dathbe opened this issue 3 years ago • 0 comments

Describe your suggested feature

The application webpages have inline JavaScript, which means that if users set a Content-Security-Policy header, it has to include 'unsafe-inline' for scripts. It is generally recommended that webpage scripts be moved to separate .js files to avoid cross-site scripting and injection of malicious scripts into a webpage. Here's more on the CSP header:

https://scotthelme.co.uk/content-security-policy-an-introduction/

Here are some resources with an explanation of why unsafe-inline is bad, and a couple other options for how to code around it:

https://content-security-policy.com/unsafe-inline/

https://tech.groww.in/how-to-avoid-unsafe-inline-in-content-security-policy-csp-375b5889b2f9?gi=cf60953d121e

Here's a resource on how to move scripts to a .js file and call them from html:

https://www.thoughtco.com/how-to-create-and-use-external-javascript-files-4072716

Other details

No response

Acknowledgements

  • [X] I have searched the existing issues and this is a new ticket, NOT a duplicate or related to another open issue.
  • [X] I have written a short but informative title.
  • [X] I have updated the app to the latest version.
  • [X] I will fill out all of the requested information in this form.

dathbe avatar Aug 16 '22 21:08 dathbe