Open
Description
Could we please remove all this inline event handlers like onClick, onMouseOver and so on and replace them with eventlisteners? The reason for this feature request is it to have a much better CSP handling.
At least with Nginx i can generate nonces for using them in a CSP header server side and replace all normal <script tags with a nonce. For this to make happen, no program change is needed. All is done server side. The only thing are unsafe_eval and this inline events which makes the whole app breaking a nice CSP header.