Allow inline scripts, styles, or event handlers (e.g., onclick) for the selected directive.

This is needed when plugins use inline JavaScript or CSS that cannot be refactored to use external files. Modern plugins should avoid this by using external files instead. Note: As of late 2025, Jenkins allows style-src: 'unsafe-inline' by default.

Allowing 'unsafe-inline' significantly weakens Content Security Policy protections and should be avoided when possible. It can be exploited by attackers through cross-site scripting (XSS) vulnerabilities.