Appropriate CSP headers only allow external CSS and JavaScript to load from ‘self’ (the current domain) and any domains specifiically listed in the header. All inline code gets ignored unless you also add ‘unsafe-inline’ to the header (acknowledging that inline code is unsafe). This is a security measure that any web site can implement to block cross site CSS and scripting once they have their site written properly to keep the HTML, CSS and JavaScript in separate files.
There are also extensions available for Firefox, Chrome, Opera and Vivaldi that allow the browser owner to apply the same security measures in their browser so as to provide themselves additional security protection. There may be extensions also available for other browsers but I haven’t checked.
Funny - where I come from, the normal response would be “Thank you, @James_Hibbard” …
But please stop asking this. You know perfectly well by now what the response will be.
When you ask a question here, we aim to ensure that answers will reflect best practice, as Pullo’s has done. For some reason, though, you have a fixation with the kind of code which went out with the Ark. While there is nothing to stop you taking Pullo’s good, clean, functioning code and messing it up to your heart’s content, you should not expect other members here to go down the same road.
So, as I said, feel free to convert it yourself, but please stop asking to be spoon-fed bad code.
I want to have one button control both play and pause, so there’s only 1 button. That’s what I’m trying to accomplish. https://jsfiddle.net/c8a7n40s/2/
Anyway once you implement appropriate security on your site all the inline CSS and JavaScript will stop working as proper security doesn’t allow that as it is a security risk as others can insert their own CSS and JavaScript into your page to install viruses onto your visitors computers and then you’ll get the blame.