setAttribute incompatible with Content-Security-Policy without unsafe-inline

In a few cases, it seems that ToastUI chart uses `elem.setAttribute("style","a: b")` instead of `elem.style.a = b`. I don't know if this has any advantage, but `setAttribute` requires `style-src unsafe-inline` while `.style` works fine with a strict Content-Security-Policy.