After creating 2 plugins I tried to make them a little bit safer. One of the things I noticed was that the plugins do not work with very restrictive CSP configurations. In particular, these are unsafe-inline and unsafe-eval. I would not consider this critical, but at least it would be a "nice-to-have". But even if I customize my own plugins, Roundcube itself doesn't work anymore when I apply the mentioned CSP rules, because many functions from Roundcube itself also need the above mentioned rules.
So I wanted to ask if it is planned to change JavaScript and Co. in Roundcube so that the above rules are no longer needed? Is there already a kind of roadmap or an approximate time schedule?