Add a Content Security Policy

app/views/exercises/feedback.html.slim

@@ -36,4 +36,5 @@ h1 = link_to_if(policy(@exercise).show?, @exercise, exercise_path(@exercise))
 
   = render('shared/pagination', collection: @feedbacks)
 
-  script type="text/javascript" $(function () { $('[data-bs-toggle="tooltip"]').tooltip() });
+  = javascript_tag nonce: true do
+    | $(function () { $('[data-bs-toggle="tooltip"]').tooltip() });

app/views/layouts/application.html.slim

@@ -15,8 +15,8 @@ html lang="#{I18n.locale || I18n.default_locale}"
     = javascript_include_tag('application', 'data-turbolinks-track': true)
     = yield(:head)
     = csrf_meta_tags
-    = timeago_script_tag
-    script type="text/javascript"
+    = timeago_script_tag nonce: true
+    = javascript_tag nonce: true do
       | I18n.defaultLocale = "#{I18n.default_locale}";
       | I18n.locale = "#{I18n.locale}";
       - if SentryJavascript.active?

app/views/request_for_comments/show.html.slim

@@ -79,7 +79,7 @@
 
 = render('shared/modal', id: 'comment-modal', title: t('exercises.implement.comment.dialogtitle'), template: 'exercises/_comment_dialogcontent')
 
-javascript:
+javascript [nonce=content_security_policy_nonce]:
 
   $('.modal-content').draggable({
     handle: '.modal-header'