@simonbrunel

I just build the new Chart.js bundle and added it to my test page. Everything seems to work fine (CSP was set via the <meta http-equiv="Content-Security-Policy"): https://sebastianniemann.github.io/Chart.js-CSP-demo/

Given that I am still neither familiar with the Chart.js coding style (I am used to very strict linting rules doing this job 😅 ) nor which ECMAScript/browser versions should be supported, my review was mostly focused on whether the PR fixes the CSP as well as looking for any obvious oversight.

Thanks @sebastianniemann

I am used to very strict linting rules doing this job

Similar rules are setup for that project and automatically checked by our CI

... mostly focused on whether the PR fixes the CSP as well as looking for any obvious oversight.

Exactly what I was expecting, thanks ;)

As explained in this comment, I'm not completely happy with the option name: useExternalStylesheet.

What about: disableStylesheetInjection (similar to the initial proposal)? (or shorter disableCSSInjection)

Or if we don't want a negative option, enable(Stylesheet|CSS)Injection (default true)

Better suggestions?

How about just injectCSS (default true)?

Something like injectCSS or disableCSSInjection sound good to me. Being used to activate flags (= true) and given that I usually only want to set this option to disable the injection, I would favour disableCSSInjection. However, both ways seem clear to me.

Similar rules are setup for that project and automatically checked by our CI

I didn't meant to depreciate the linter process in any means 😃 , just wanted to explain myself, as I always have to work with a very nitpicking and merciless linter at our company on a daily basis. Therefore, I usually do not to review any non-company code regarding its coding style, to avoid to be too nitpicking myself 😉

I agree with the renaming. My vote would be for disableCSSInjection since CSS is shorter than Stylesheet. I would name the variable internally as var injectCSS = !platform.disableCSSInjection to avoid the negative in the code, but I think for user options it makes sense to set an option to true when using it, so like disable in the name

I also prefer disableCSSInjection since I think a falsy value is a better default.

I don't personally like having enable/disable in a boolean property name, because the value brings that part. But lets ignore that :)

Also a good point. I would be fine with injectCSS as well

I would say it the other way around. Because disable/enable/is/has/use is making it very clear that a variable holds a boolean value, it adds to the readability. Being able to guess/know a variable's type correctly just by reading its name seems to be a good thing to me.

I would be fine with injectCSS if it was a property of an options/config object but as part of the platform interface, it sounds too much like a method with immediate impact. I would also prefer false as default and I'm not sure what would be the negative/opposite of injectCSS?

What about preventCSSInjection? @kurkle is it better than disableCSSInjection?

Maybe let's stick with disableCSSInjection then. I like it more than preventCSSInjection

To me, disableCSSInjection is better than preventCSSInjection. Prevent does not sound absolute.

@simonbrunel Sorry for not replying earlier. I was in vacation for last weeks. This is awesome work. Thanks a lot!

Looking good! When can we expect this to be released?

@timseverien I would expect it soon (no date planned) but we still need to figure out a few things around the new date adapters before releasing it.