@unpic/svelte triggers csp errors

[hankolsen]

Hi!

Thank you for a great package.

I've noticed some csp errors when using @unpic/svelte and wonder if you have any suggestions?

The error message is:

Content-Security-Policy: The page’s settings blocked an event handler (script-src-attr) from being executed because it violates the following directive: ....
Source: this.__e=event

and I've tracked it down to the rendered images, something like this:

<img ... srcset="" onload="this.__e=event" onerror="this.__e=event"/>

Is there any way I can disable the output of onload and onerror, or do you have any suggestions on how to handle it?

[ascorbic]

I'm not sure! I'm not deliberately adding those.