Library is not CSP compliant #106
Description
Because of lines like this:
https://github.com/ramon82/zuck.js/blob/master/src/zuck.js#L431
this library breaks CSP protections and thus cannot be used unless specifying "unsafe-inline", which completely negates the use of the protection in the first place.
To address this, these items should be constructed as DOM elements and then attached to the relevant container.