ABOUT US

What is the unsafe-inline?
 "The unsafe-inline Content Security Policy (CSP) keyword allows the execution of inline scripts or styles."
 "Allows the use of inline resources, such as inline <script> elements, javascript: URLs, inline event handlers, and inline <style> elements."
If you add unsafe-inline keyword to your policy, attacker can try something like this.
/site?query=<script>alert('unsafe')</script>
For more information:
unsafe-inline ⟶ CSP Guide
How to use the unsafe-inline directive in a CSP policy
content-security-policy.com
CSP: script-src - HTTP | MDN
The HTTP Content-Security-Policy (CSP) script-src directive specifies valid sources for JavaScript. This includes not only URLs loaded directly into <script> elements, but also things like inline script event handlers (onclick) and XSLT stylesheets which can trigger script execution.
developer.mozilla.org
The meaning of unsafe-inline is a little different for us. 
Unsafe-inline is a team that aim to develop security software, research vulnerability on various platforms. 
UNSAFE
Last updated 5 months ago