Add CSP require-trusted-types-for header

**Summary**
The two HTML files lack a require-trusted-types-for CSP directive. The overall application would be more secure with it.

**Please describe the problem you are trying to solve.**
ElectronNegativity uses [Google CSP Evaluator](https://csp-evaluator.withgoogle.com/) which is currently flagging the lack of a 
require-trusted-types-for CSP directive. 

**Proposed Solution**

- [ ] Add `require-trusted-types-for 'script'` to the CSP headers of both files. 
- [ ] Update the render scripts to avoid directly setting `innerHTML` and other things that violate the header.



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add CSP require-trusted-types-for header #180

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Add CSP require-trusted-types-for header #180

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions