With xtermjs 5.0, the canvas renderer is no longer built in. Since renderer add-ons cannot be loaded until the terminal open() call is done, it seems the DOM renderer briefly is activated before the canvas or webgl renderer takes over. And it appears that the DOM renderer creates style elements into the DOM, which is blocked by tight content security policies that don't allow unsafe-inline styles. With xtermjs 4.x since the canvas renderer was built in, this did not happen.

Note that despite the errors, things will work just fine once the webgl or canvas renderers take over.

Details

• Browser and browser version: Chrome 105.0.5195.125 but also happens with other browsers
• OS version: macOS 12.6
• xterm.js version: 5.0.0

Steps to reproduce

1. Using a web server that has a tight content security policy that doesn't allow unsafe-inline styles, load xtermjs into a web page
2. Observe unsafe inline style warnings in the web console

The style warnings are expected with the DOM renderer since it creates style elements to the DOM. But this is also happening when using the canvas and webgl renderers because you cannot load them before the terminal open() call.

A screenshot of the errors are attached.