docs: v0.42.2 release — CSP unsafe-inline fix (564 tests) (#210)

Co-authored-by: Nathan Esquenazi <nesquena@gmail.com>
2026-04-09 19:08:30 -07:00
parent cc8cbc4d3f
commit 31281a6025
2 changed files with 6 additions and 1 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,11 @@
 ---


+## [v0.42.2] — 2026-04-10
+
+### Bug Fixes
+- **CSP blocking inline event handlers** (PR #209): `script-src 'self'` blocked all 55+ inline `onclick=` handlers in `index.html`, making the settings panel, sidebar navigation, and most interactive controls non-functional. Added `'unsafe-inline'` to `script-src`. Also restores `https://cdn.jsdelivr.net` to `script-src` and `style-src` for Mermaid.js and Prism.js (dropped in v0.42.1).
+
 ## [v0.42.1] — 2026-04-11

 ### Bug Fixes