javascript:void(0) in <a> causing CSP error when 'unsafe-inline' is not allowed!

[ryanelian]

Refused to execute JavaScript URL because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval'". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution.

https://github.com/cristijora/vue-tabs/blob/master/src/components/VueTabs.js#L155

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy

Probably should change:

<a href="javascript:void(0)"

into:

<a href="#"

[moondef]

Fixed
PR