Remove the inline JS event handler in the `NavMenu` component?

[guardrex]

Is there an existing issue for this?

• I have searched the existing issues

Is your feature request related to a problem? Please describe the problem.

cc: @danroth27 ... IIRC, we chatted about this a few months back. I'm working on CSP guidance updates, and I'm going to add some guidance on it because it 💥 for a CSP that doesn't address it with the most recent templates.

The NavMenu has ...

<div ... onclick="document.querySelector('.navbar-toggler').click()">

Cross-ref: https://github.com/dotnet/aspnetcore/blob/main/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Components/Layout/NavMenu.razor#L15

... and it's only in the BWA project template, not the Blazor WebAssembly template.

This will require me to include CSP guidance with ...

'unsafe-hashes' 'sha256-qnHnQs7NjQNHHNYv/I9cW+I62HzDJjbnyS/OFzqlix0='

The HTML spec remarks seem to be saying, 'Don't do it!' 😄 Not so much for the exact example that they give (<a onclick="transferAllMyMoney()">Transfer</a> ... <script>transferAllMyMoney()</script>), but just because it implies that it might be ok to take the approach generally.

I don't see an open issue to consider removing it.

Describe the solution you'd like

Get rid of the inline event handler, which would mirror spec guidance and allow us to drop our CSP guidance on it.

Additional context

No response