lightGallery
Use HTMLElement to remove the requirement on unsafe-inline style CSP
When denying style-src: 'unsafe-inline' in Content-Security-Protection headers, some parts of LightGallery break such as thumbnails. This is problematic for websites trying to enforce secure CSP.
This patch tries to partially fix these issues by using HTMLElements where DOM elements are built using the style= attribute.
I'm not sure if that's actually enough. There is lgQuery.html and lgQuery.append that (can) insert raw HTML into the DOM via innerHTML. And those are the places Chrome is complaining about here. All calls to these methods would need to be fixed in the same way as you did with getThumbHtml.
Hey @erdnaxe,
First of all, thank you so much for the PR. And sorry for the delay from my side.
Wanted to complete a few other tasks before I merge this PR.
@erdnaxe, Yes, you are right. I'll make those changes too.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
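
The change discussed in this thread, shown as an added sketch that is not lightGallery's code or the PR's diff: a thumbnail built as a markup string with a style= attribute, beside the same thumbnail built as elements with CSSOM property writes, which a style-src policy without 'unsafe-inline' permits. The function names, the `thumb-item` class and the `doc` parameter (normally `document`) are assumptions made for the example.

```javascript
// Added illustration; names are hypothetical, not lightGallery's API.

// Before: a markup string carrying a style attribute. Once it is assigned
// to innerHTML, the browser refuses the attribute under a style-src policy
// that lacks 'unsafe-inline', so the thumbnail loses its dimensions.
function thumbHtmlString({ src, width, height }) {
  return `<div class="thumb-item" style="width:${width}px;height:${height}px">` +
         `<img src="${src}"></div>`;
}

// After: build nodes and set style properties through the CSSOM.
// element.style.* writes are not inline style attributes, so the policy
// allows them. Note that setAttribute('style', ...) is still blocked.
function thumbElement(doc, { src, width, height }) {
  const w = Number(width);
  const h = Number(height);
  if (!Number.isFinite(w) || !Number.isFinite(h) || w < 0 || h < 0) {
    throw new TypeError('width and height must be non-negative numbers');
  }
  const item = doc.createElement('div');
  item.className = 'thumb-item';
  item.style.width = `${w}px`;
  item.style.height = `${h}px`;
  const img = doc.createElement('img');
  img.src = String(src); // set as a property, never spliced into markup
  item.appendChild(img);
  return item;
}

// Audit helper for the remaining call sites: true when a markup string
// still embeds a style attribute inside a tag.
function hasInlineStyleAttr(markup) {
  return /<[^>]*\sstyle\s*=/i.test(markup);
}
```

Running `hasInlineStyleAttr` over the strings passed to any helper that writes innerHTML gives a quick list of call sites that still need converting.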