I thoroughly enjoy the direction this is headed, but I am concerned about the potential security implications this might have. With jss's use of <style>css</style>, this will require allowing CSP's style-src unsafe-inline correct? It actually seems unlikely, but is there any potential to precompile the CSS required into a separate file to avoid this? I much prefer inline styles, but I'm not convinced this trade-off is worth the performance improvements over direct inline styles or the necessity of using css-modules. Any thoughts or insights? Am I off base here?
I thoroughly enjoy the direction this is headed, but I am concerned about the potential security implications this might have. With jss's use of <style>css</style>, this will require allowing CSP's style-src unsafe-inline correct? It actually seems unlikely, but is there any potential to precompile the CSS required into a separate file to avoid this? I much prefer inline styles, but I'm not convinced this trade-off is worth the performance improvements over direct inline styles or the necessity of using css-modules. Any thoughts or insights? Am I off base here?