Avoid inline JavaScript
The project use many inline javascript such as <script>code</script>
tags, it's better to use <script src="file.js"></script>
which is:
- safer when CSP is used without
unsafe-inline
directive. - more performance if caching is used for the loaded .js file.