Content Security Policy warning

[mikeazo]

In Firefox and Chrome (haven't tried IE), I'm getting a content security policy warning upon calling $.ajax. If I change the content security policy to unsafe-inline on script-src, the issue goes away.

I used the debugger to track the issue. It appears to happen when the iframe is appended to the body.

I change line 193,194 from

iframe = $("<iframe src='javascript:false;' name='" + name +
            "' id='" + name + "' style='display:none'></iframe>");

to

iframe = $("<iframe name='" + name +
            "' id='" + name + "' style='display:none'></iframe>");

and the warning goes away. I am not sure, however, what else this might affect.