Incompatible with secure CSP

[lol768]

qrcode-svg/lib/qrcode.js

Lines 312 to 317 in 47d56ec

	//Populate with predefined shape instead of "rect" elements, thanks to @kkocdko
	var predefined = typeof options.predefined != "undefined" ? !!options.predefined : false;
	var defs = predefined ? indent + '<defs><path id="qrmodule" d="M0 0 h' + ysize + ' v' + xsize + ' H0 z" style="fill:' + options.color + ';shape-rendering:crispEdges;" /></defs>' + EOL : '';
	//Background rectangle
	var bgrect = indent + '<rect x="0" y="0" width="' + width + '" height="' + height + '" style="fill:' + options.background + ';shape-rendering:crispEdges;"/>' + EOL;

Please don't do this, for those of us using this library on the web it will break on every sufficiently secured site which doesn't allow script-src 'unsafe-inline'.

For setting the fill colour, there's a perfectly good fill attribute you can use instead. For e.g. the crisp edges rendering, please just put the CSS in the README and let us apply it ourselves

[qoomon]

Can you explain which part will cause the csp violation, cause I cant locate the inline script. Is it because of the style attribute?

[lol768]

Please don't do this, for those of us using this library on the web it will break on every sufficiently secured site which doesn't allow script-src 'unsafe-inline'.

Should read:

Please don't do this, for those of us using this library on the web it will break on every sufficiently secured site which doesn't allow style-src 'unsafe-inline'.

Apologies

[qubyte]

crisp-edges is also an attribute in SVG. I've opened a PR to address both: #22.