Hi, I'm new to the community and used to be an online high school math teacher. I'm now working on a project for a health-care provider who offers side courses. From a security standpoint, I've been brainstorming how to run CSP without "unsafe-inline" for scripts.
If anyone has a solution for this, I'm very interested in hearing about it.
But I was thinking that it should possible to build in a hashing function so that the loaded modules, even with random-elements to them, can have a SHA-256 attribute. I'm about a year into part-time programming, so I'm not an expert by any means. But I was reading about how someone took the js-sha256 package and used it with requirejs.
I only just read about AMD last night, and I'm still trying to wrap my head around how everything is structured in Moodle (been on this for just a couple weeks now). Am I going to run into a dead-end? If not, I was surprised not to see this already implemented. My goal is to not have to allow unauthorized inline scripts.
Thanks for any tips!