[svg-icons] Plug-in forces enabling script-src unsafe-eval in CSP. #472
Description
Hello!
Trying to clean up my Content-Security-Policy header from unsafe stuff, I found that this plug-in inserts in-line scripting into pages.
This results in me being forced to add "unsafe-eval" to the "script-src".
If it's not too much trouble, I'd prefer it if the code could be moved to a seperate .js file instead :)
Though perhaps it's not that great of an idea as the icons are often used on all pages from the moment the page opens; so I understand if it's tricky.
Same for having to add data: as source; that's probably for the best..