|In the Anarki repo, I noticed this comment above the `js-ext` in `lib/html.arc`:|
; for strict CSP rules, inline code is allowed if the SHA-256 hash is included
; in the CSP headers. So it's better to either not restrict inline code, or
- Should it be disallowed in CSP rules in Arc?
- Does this mean that `votelink` should be modified to not use the `onclick` attribute?