Feature request: No inline style option for ReactOnRailsHelper#react_component

[tangrufus]

Feature request:
Add a no inline style option to ReactOnRailsHelper#react_component to skip style: "display:none"

Reason:
Eliminate the needs of unsafe-line for Content Security Policy

Related file:

react_on_rails/app/helpers/react_on_rails_helper.rb

Line 62 in a9b7d47

style: "display:none",

[justin808]

Why are display:none lines unsafe?

@tangrufus Would you like to create a PR for this? The option could be "skip_display_none", with a default of false.

I'd like to get some community feedback on the option name. Do we need a CSS style for "js-react-on-rails-component" for "display:none"?

[tangrufus]

display:none lines are safe.

However, if style-src: 'unsafe-inline' are included in content security policy headers, browsers would execute all inline styles from any source. Somebody could hijack the web page.

PR created. Thanks!

[justin808]

See #174. We need to get tests included and we can add this.

[justin808]

@tangrufus Any updates?

[aaronvb]

@justin808 @tangrufus Closing this. See #218