Better support for CSP
10 Oct 2023 22:33 #8178
by SomeGuy
Better support for CSP was created by SomeGuy
First of all, thanks for your hard work bringing this extension to existence.
I'd love to use SermonSpeaker on my site, there is just one issue.
My site has a very strict CSP, allowing scripts only from 'self' (aka disallowing inline scripts), which breaks the plugin.
I usually solve this issue by generating hashes of the inline scripts and adding them to the CSP header.
This however doesn't work in this case, as some inline scripts have certain IDs (and names) hard coded into them:
Code:
onclick="if (window.parent) window.parent.jSelectSpeaker_jform_speaker_id('3', 'Some Name', '10', 'index.php?option=com_sermonspeaker&view=sermon&id=3&Itemid=353');"
Would it be possible to either
- move the scripts into a file (which would be allowed by script-src 'self')
- make it so that IDs and names are not hard coded into the inline scripts, which would make hashing a viable solution
Also, maybe I just overlooked something and there already is a solution for this.
Thanks a lot
10 Oct 2023 22:50 #8179
by Thomas Hunziker
Replied by Thomas Hunziker on topic Better support for CSP
I can't simply move them to a file since they are dynamically generated. I have to rewrite them to use data attributes so the generic Javascript can stay in a file.
But you're right, that is something I need to do as it is best practice nowadays. Unfortunately I need more time to write Javascript code than I need to write PHP stuff. Javascript is still a strange beast to me.
The following user(s) said Thank You: SomeGuy
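The data-attribute rewrite described in the reply above, sketched as an added example (not SermonSpeaker's own code): the per-speaker values move into `data-*` attributes and one generic handler in a static file calls the parent window's select function. The attribute names, the meaning of the four arguments and the callback allowlist pattern are assumptions made for illustration.

```javascript
// Added example, not SermonSpeaker code. This would live in a static file
// served from the site's own origin, so "script-src 'self'" permits it.
// Assumed markup (attribute names are hypothetical), one link per row:
//   <a href="#" data-select-callback="jSelectSpeaker_jform_speaker_id"
//      data-id="3" data-name="Some Name" data-catid="10"
//      data-url="index.php?option=com_sermonspeaker&view=sermon&id=3&Itemid=353">

// Only callbacks following the naming pattern seen in the thread may be
// invoked, so injected markup cannot point the handler at another global.
const CALLBACK_PATTERN = /^jSelectSpeaker_[A-Za-z0-9_]+$/;

// Handles one click. Returns true when a parent callback was called.
function handleSelectClick(event, parentWindow) {
  const target = event.target;
  const link = target && target.closest
    ? target.closest('[data-select-callback]')
    : null;
  if (!link || !parentWindow) return false;

  const { selectCallback, id, name, catid, url } = link.dataset;
  if (!CALLBACK_PATTERN.test(selectCallback || '')) return false;

  const callback = parentWindow[selectCallback];
  if (typeof callback !== 'function') return false;

  event.preventDefault();
  // The values travel as plain strings, never as script source, so a name
  // containing quotes cannot change what code runs.
  callback(id, name, catid, url);
  return true;
}

// One delegated listener serves every row; nothing per-speaker is inline.
if (typeof document !== 'undefined') {
  document.addEventListener('click', (event) => {
    handleSelectClick(event, window.parent);
  });
}
```

Because the script text is identical for every speaker, the CSP header no longer needs a new entry when a speaker is added or renamed.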
11 Oct 2023 07:17 #8180
by SomeGuy
Replied by SomeGuy on topic Better support for CSP
Wow, didn't expect such a quick reply.
Yeah, without looking at the code, I was already afraid that it wouldn't be a quick fix.
I can relate to the JavaScript part though, weird stuff. If I find the time I might be able to contribute some code. I do know my way around JavaScript and PHP, just not in the context of Joomla, so we'll see...