Removal of inline scripts to make it easier to implement strict CSP against XSS attacks #1122

@LDSamson

Description

For example, every bslib::card() will create some inline JavaScript, calling bslib.Card.initializeAllCards() (see below). Would it be possible to move this function call to an external JS file and call it with something like <script src=''></script> instead?

Removing as many inline scripts as possible would make it easier to set a strict Content Security Policy when serving a Shiny application, and setting such a policy greatly improves security against XSS attacks. I am not sure whether this is possible, but I thought it was worth asking.

```
cat(format(bslib::card()))
<div class="card bslib-card bslib-mb-spacing html-fill-item html-fill-container" data-bslib-card-init data-require-bs-caller="card()" data-require-bs-version="5">
  <script data-bslib-card-init>bslib.Card.initializeAllCards();</script>
</div>
```
