Hi All,

Due to some dynamic analysis tooling we are running on our product, pages generated by Juneau from Rest annotations on a Serlvet are flagged as insecure because the HTML contains script and style elements that are not using a nonce or a hash attribute.

Is there any interest here in support of this?

If so, I might be able to provide a PR, not 100% sure, since I've only looked at the source enough to see where the script tag is written. 

Thank you,