fix-csp-compliance
Installation
SKILL.md
Fix CSP Compliance - Unsafe Inline Scripts
Key Rules
- NEVER delete inline script content. Always extract it to an external
.jsfile and replace the inline<script>...</script>with<script src="filename.js"></script>. Even trivial config objects, debug flags, or seemingly unused code must be externalized — removal is a functional regression. - File naming: use a descriptive name matching the content's purpose (e.g.,
appConfig.jsfor configuration,init.jsfor initialization).
This skill fixes Content Security Policy (CSP) compliance issues that the UI5 linter detects but cannot auto-fix because they require restructuring code into external files.
Linter Rule Handled
| Rule ID | Message Pattern | Severity | This Skill's Action |
|---|---|---|---|
csp-unsafe-inline-script |
Use of unsafe inline script | Warning | Move to external JS file |