[3.x] Backport Make sure the renderer does not manipulate the inline CSS and JS

[zero-24]

Pull Request for Issue #28719

Summary of Changes

Backports the changes from #28719 to 3.x

Testing Instructions

make sure the inline css and inline js still works as exptected.

Expected result

the renderer does not manipulate the inline css and JS

Actual result

the renderer does manipulate the inline css and JS that make CSP hashbased whitelisting not possible.

Documentation Changes Required

none

[viocassel]

I have tested this item ✅ successfully on 1e51b54

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/28720.}

[wilsonge]

@zero-24 i think in this case i do wanna see what happens in an xhtml template. these were actually a thing at the start of Joomla 3. And in J4 i can kinda justify if that breaks and we can fix but not sure it's an option for j3

[zero-24]

Do you have a xhtml template? I don't touch the dedicated xhtml supported mention in the comments to be sure.

[zero-24]

Any update here @wilsonge ? Right now this PR does not touch the xhtml code and just the none xhtml places so this should be fine to be backported from the 4.x PR

[wilsonge]

I don't have one :( all the templates I'm using are HTML5. If you're confident just merge it

[HLeithner]

@zero-24 I would move this to 3.10 since people using csp with hashes would break there site or I'm wrong?

[zero-24]

Well why? You can already have a site that use hashes in 3.x. well not autgenerated right now as the renderer is broken..

[HLeithner]

can I add the hash to the renderer now? I didn't looked at it it's only something come into my mind

Edit: ok can't be added to this function so looks ok