Way to modify / replace DOM render function for CSP compliance

I’m using a content-security-policy that disallows inline-styles. As the mdn article says, it will allow js to set domElement.style.attribute = x, but disallows setAttribute('style', string'). It seems like there are a couple of cases where prosemirror-menu tries to do that (e.g. here)

I feel like this might be an edge case and as I look through the code I don’t see an obvious way to modify it but I think I can work around.

For anyone else who finds this, the menu option floating: false (e.g. prosemirror-example-setup/index.js at master · ProseMirror/prosemirror-example-setup · GitHub ) will prevent the positioning effects using inline styles.