Blogs: Allow inline <style> in blog posts

Match https://github.com/jquery/blog.jquery.com-theme/blob/16621e9932405b5c93eb260ac28457c5b15348d4/jquery/functions.php#L295

Ref jquery/infrastructure-puppet#17.

Author: Krinkle

plugins/jquery-filters.php

@@ -85,8 +85,8 @@
 	$report_url = 'https://csp-report-api.openjs-foundation.workers.dev/';
 	$policy = array(
 		'default-src' => "'self'",
-		'script-src' => "'self' 'nonce-$nonce' code.jquery.com",
 		// The nonce is here so inline scripts can be used in the theme
+		'script-src' => "'self' 'nonce-$nonce' code.jquery.com",
 		'style-src' => "'self' 'nonce-$nonce' code.jquery.com",
 		// Allow style="" attributes in blog posts and markdown.
 		'style-src-attr' => "'unsafe-inline'",
@@ -113,6 +113,9 @@
 		// and workers from blob: URLs
 		$policy[ 'script-src' ] = "'self' 'unsafe-inline' blob: code.jquery.com";
 		$policy[ 'style-src' ] = "'self' 'unsafe-inline' code.jquery.com";
+	} elseif ( get_option( 'jquery_is_blog' ) ) {
+		// Allow <style> in blog posts
+		$policy[ 'style-src' ] = "'self' 'unsafe-inline' code.jquery.com";
 	}
 
 	$policy_string = '';