add new method htmlAddJsHeader() which adds script with nonces

Uwe Steinmann 2020-09-15 12:14:15 +02:00
parent f0d5821bd1
commit b9748576dc


@ -33,6 +33,7 @@ class SeedDMS_Bootstrap_Style extends SeedDMS_View_Common {
parent::__construct($params, $theme); parent::__construct($params, $theme);
$this->extraheader = array('js'=>'', 'css'=>''); $this->extraheader = array('js'=>'', 'css'=>'');
$this->footerjs = array(); $this->footerjs = array();
$this->nonces = array();
} }
/** /**
@ -57,7 +58,12 @@ class SeedDMS_Bootstrap_Style extends SeedDMS_View_Common {
* Content-Security-Policy since version 23+ * Content-Security-Policy since version 23+
* 'worker-src blob:' is needed for cytoscape * 'worker-src blob:' is needed for cytoscape
*/ */
$csp_rules = "script-src 'self' 'unsafe-eval';"; $csp_rules = '';
$csp_rules .= "script-src 'self' 'unsafe-eval'";
if($this->nonces) {
$csp_rules .= " 'nonce-".implode("' 'nonce-", $this->nonces)."'";
}
$csp_rules .= ";";
$csp_rules .= " worker-src blob:;"; $csp_rules .= " worker-src blob:;";
//$csp_rules .= "style-src 'self';"; //$csp_rules .= "style-src 'self';";
/* Do not allow to embed myself into frames on foreigns pages */ /* Do not allow to embed myself into frames on foreigns pages */
@ -145,6 +151,12 @@ background-image: linear-gradient(to bottom, #882222, #111111);;
$this->extraheader[$type] .= $head; $this->extraheader[$type] .= $head;
} /* }}} */ } /* }}} */
function htmlAddJsHeader($script) { /* {{{ */
$nonce = createNonce();
$this->nonces[] = $nonce;
$this->extraheader['js'] .= '<script type="text/javascript" src="'.$script.'" nonce="'.$nonce.'"></script>'."\n";
} /* }}} */
function htmlEndPage($nofooter=false) { /* {{{ */ function htmlEndPage($nofooter=false) { /* {{{ */
if(!$nofooter) { if(!$nofooter) {
$hookObjs = $this->getHookObjects('SeedDMS_View_Bootstrap'); $hookObjs = $this->getHookObjects('SeedDMS_View_Bootstrap');
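Review bot: In `htmlAddJsHeader()` the `$script` value is concatenated into the `src` attribute unescaped, and the tag it lands in carries a nonce the policy will trust, so the attribute value should be encoded: `src="'.htmlspecialchars($script, ENT_QUOTES, 'UTF-8').'"`. The callers are not visible here, so whether `$script` can ever carry request-derived data is unknown, but the encoding is harmless for fixed paths. `createNonce()` is defined outside this diff; it needs to return a fresh, base64-encoded value from a CSPRNG such as `random_bytes()` on every response, otherwise the nonce adds no protection. The nonce list is only read where `$csp_rules` is built (that function starts and ends outside the hunk), so a call to `htmlAddJsHeader()` made after the header has been sent would presumably emit a script tag the browser blocks. A short docblock on the method stating that ordering requirement would help.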