* Add Content-Security-Policy-Report-Only: script-src 'self' 'nonce-' policy
* Use @data-on-click-this to attach inline click event handlers which expect being called with 'this'
Only handle ones that don't return a value.
* Use @data-on-click to attach inline click event handlers with no args and no return value
* Use @data-on-click-true to attach inline click event handlers with 'true' as the only argument
* Enforce a script-src CSP on views without inline JS
* Convert some onchange attributes to data-on-change
* initial implementation of privacy popup
* split the privacy text and run it through translate
* change style of toggle button, validate the form
* fix copy/paste error
* fix typos
* display privacy view inline rather than popup
* display privacy inline if show_privacy flag set
* redirect to console after selection is made
* typo
* css formatting
* update privacy verbiage
* create and load default.php
* fix typos
* fix erroneous copy/paste