To allow the generated HTML reports to better comply with W3C Content Security Policy (CSP) specifications, it would be helpful to move the few inline styles within the generated HTML output to instead reference a separate CSS file.
+1 this seem to break styles after publishing HTML coverage reports on Jenkins due to default Content-Secuity-Policy https://wiki.jenkins-ci.org/display/JENKINS/Configuring+Content+Security+Policy
In browser console I see errors like:
Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-lHXTXVoMUY2/p3pxQI6CRA0n02Rrs2+ZoQFL/rrqCXA='), or a nonce ('nonce-...') is required to enable inline execution.
Header is Content-Security-Policy:sandbox; default-src 'none'; img-src 'self'; style-src 'self';
Also html publisher plugin folks already stated that they won't fix it on their side: https://issues.jenkins-ci.org/browse/JENKINS-32590
Problem isn't just with the inline-style, but also with the 'sandbox' CSP, since HTML publisher loads the report in an iframe:
Blocked script execution in 'https://<jenkins/Coverage_Report/index.html' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.inject
+1
Most helpful comment
Problem isn't just with the inline-style, but also with the 'sandbox' CSP, since HTML publisher loads the report in an iframe: