Bootstrap’s progress bar versus Content Security Policy

Bootstrap’s progress bar component uses an inline width style. Here’s the example from their docs.

This is unfortunate for the obvious reasons (it mixes content and presentation, and the value—60 in this case—is repeated), but there’s also a less obvious repercussion. Inline styles prevent us from gaining the greatest benefit from the Content Security Policy header. If we have any inline styles then we’re forced to use the ‘unsafe-inline’ source with the style-src directive. Which, as Egon says, would be bad:

Inline style is treated in the same way: both the style attribute and style tags should be consolidated into external …
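
A policy-and-markup check for the problem described above, as an added example that is not from the original post or from Bootstrap: it parses a CSP header value, decides whether inline styles are permitted, and lists the style attributes and style elements a strict policy would block. The policy strings, the progress-bar markup and all function names are constructed for illustration; the HTML scan is a regex approximation, and the CSP Level 3 style-src-attr and style-src-elem directives are not handled.

```javascript
// Source list governing inline styles: style-src, falling back to default-src.
function styleSources(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // The first occurrence of a directive wins; duplicates are ignored.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives.get('style-src') ?? directives.get('default-src') ?? null;
}

// True when arbitrary inline styles (style="" attributes, un-nonced <style>) apply.
function allowsInlineStyle(policy) {
  const sources = styleSources(policy);
  if (sources === null) return true; // no governing directive, nothing restricted
  const lower = sources.map((s) => s.toLowerCase());
  // A nonce or hash source makes browsers ignore 'unsafe-inline'.
  if (lower.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s))) return false;
  return lower.includes("'unsafe-inline'");
}

// Regex scan for style attributes and <style> elements (not a full HTML parser).
function findInlineStyles(html) {
  const hits = [];
  const attr = /<([a-z][\w-]*)\b[^>]*?\sstyle\s*=\s*("[^"]*"|'[^']*')/gi;
  for (const m of html.matchAll(attr)) {
    hits.push({ kind: 'attribute', tag: m[1].toLowerCase(), value: m[2].slice(1, -1) });
  }
  for (const m of html.matchAll(/<style\b[^>]*>/gi)) {
    hits.push({ kind: 'element', tag: 'style', value: m[0] });
  }
  return hits;
}

// Inline styles the browser will refuse to apply under this policy.
function blockedInlineStyles(policy, html) {
  return allowsInlineStyle(policy) ? [] : findInlineStyles(html);
}

// Constructed sample: a progress bar whose width is set by an inline style.
const SAMPLE_MARKUP = `<div class="progress">
  <div class="progress-bar" role="progressbar" aria-valuenow="60"
       aria-valuemin="0" aria-valuemax="100" style="width: 60%;"></div>
</div>`;
const STRICT = "default-src 'self'; style-src 'self'";
const LOOSE = "default-src 'self'; style-src 'self' 'unsafe-inline'";
console.log(blockedInlineStyles(STRICT, SAMPLE_MARKUP));
```

Run against rendered templates in CI, an empty result under the strict policy means 'unsafe-inline' can be dropped from style-src without breaking the page.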