@shpuld @Moon In theory yes, in practice it's always easy to accidentally have something slip through (it happened to Pleroma, too!) and that's exactly why CSP exists in the first place. The «alternative» proposed in the docs (hx-disable) is also very easily bypassed.
I'm not saying it's inherently insecure, just that it has footgun potential. It seems like a cool idea otherwise. I kind of want to try it with something like TailwindCSS and see how far I can get only writing HTML.