Cordova - refuse to execute inline event handler because it violates the following content Security policy

Check this link, it says:

Inline JavaScript will not be executed. This restriction bans both inline <script> blocks and inline event handlers (e.g. button onclick="...").

To avoid cross-site scripting issues like below specified

one.app#/home:1 Refused to execute inline event handler because it violates the following ContentSecurity Policy directive: "script-src 'self' 'nonce-d452460d-e219-a6e5-5709-c8af6ca82889'chrome-extension: 'unsafe-inline' 'unsafe-eval' https://sfdc.azureedge.net *.na34.visual.force.com https://ssl.gstatic.com/accessibility/". Note that 'unsafe-inline'is ignored if either a hash or nonce value is present in the source list.

Go for event listener functions instead of onclick='myFun()".

<body onload="main();">    <button onclick="clickHandler(this)">        Click for awesomeness!    </button></body><script>    function clickHandler(element) {        // On click Code    }    function main() {        // Initialization work goes here.    }</script>

In order to to work with new Browser you need to write your code with a clean separation between content and behavior.

<body>  <button>Click for awesomeness!</button></body><script src="popup.js"></script><!-- popup.js -->    document.addEventListener('DOMContentLoaded', function () {      document.querySelector('button').addEventListener('click', clickHandler);      main();    });    function clickHandler(element) {        // On click Code    }    function main() {        // Initialization work goes here.    }<!-- popup.js -->

Try adding img-src * to the Content-Security-Policy tag:

<meta http-equiv="Content-Security-Policy"         content="default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *; img-src *">