fix-csp-compliance

Installation
SKILL.md

Fix CSP Compliance - Unsafe Inline Scripts

Key Rules

  1. NEVER delete inline script content. Always extract it to an external .js file and replace the inline <script>...</script> with <script src="filename.js"></script>. Even trivial config objects, debug flags, or seemingly unused code must be externalized — removal is a functional regression.
  2. File naming: use a descriptive name matching the content's purpose (e.g., appConfig.js for configuration, init.js for initialization).

This skill fixes Content Security Policy (CSP) compliance issues that the UI5 linter detects but cannot auto-fix because they require restructuring code into external files.

Linter Rule Handled

Rule ID Message Pattern Severity This Skill's Action
csp-unsafe-inline-script Use of unsafe inline script Warning Move to external JS file

When to Use

Installs
10
GitHub Stars
25
First Seen
12 days ago
fix-csp-compliance — ui5/plugins-coding-agents