Add nonces to script tags #177

Merged
merged 2 commits into from
Feb 19, 2024
2 changes: 1 addition & 1 deletion exampleassay/resources/assay/example/views/upload.html
Expand Up @@ -38,7 +38,7 @@
</a>
</p>

<script type="text/javascript">
<script type="text/javascript" nonce="<%=scriptNonce%>">

function done()
{
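Review bot: the nonce on the changed `<script type="text/javascript" nonce="<%=scriptNonce%>">` tag only authorises this inline block, so if `done()` (defined just below it) is invoked from an inline `onclick` or `onload` attribute elsewhere in upload.html, that handler will still be blocked under a nonce-based policy. Worth checking the rest of the file and, if it is, binding the handler with `addEventListener` from inside this block.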
2 changes: 1 addition & 1 deletion interactiveTutorial/resources/views/Lab Results.html
@@ -1,5 +1,5 @@
<div id='divLabResults'/>
<script type="text/javascript">
<script type="text/javascript" nonce="<%=scriptNonce%>">

// Ensure that page dependencies are loaded
LABKEY.requiresExt3ClientAPI(function() {
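Review bot: inside the newly nonced block, `LABKEY.requiresExt3ClientAPI(function() {` loads page dependencies at run time, and the nonce attribute on this tag does not extend to script elements that a loader inserts afterwards. If the dependencies are loaded by inserting script elements, please confirm the loader copies the nonce onto the tags it creates (or that the policy uses `'strict-dynamic'`). The same question applies to the identical change in Physical Exam.html.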
2 changes: 1 addition & 1 deletion interactiveTutorial/resources/views/Physical Exam.html
@@ -1,5 +1,5 @@
<div id='divPhysicalExam'/>
<script type="text/javascript">
<script type="text/javascript" nonce="<%=scriptNonce%>">

// Ensure that page dependencies are loaded
LABKEY.requiresExt3ClientAPI(function() {
2 changes: 1 addition & 1 deletion reactExamples/resources/views/demoWebpart.html
@@ -1,4 +1,4 @@
<script type="application/javascript">
<script type="text/javascript" nonce="<%=scriptNonce%>">
+function() {
LABKEY.App.loadApp('demoWebpart', <%=webpartContext%>.wrapperDivId);
}();
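Review bot: on the `LABKEY.App.loadApp('demoWebpart', <%=webpartContext%>.wrapperDivId);` line, the server substitutes `<%=webpartContext%>` directly into a block that now carries the nonce, so whatever is substituted there runs as trusted script. Please confirm the value is emitted as script-safe JSON (including escaping of `</script>` and `<!--`), because the nonce gives no protection against injection inside the block itself. The `type` also changes from `application/javascript` to `text/javascript` in this hunk, which deserves a word in the commit message.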
2 changes: 1 addition & 1 deletion sourdough/resources/views/_header.html
@@ -1,4 +1,4 @@
<script>
<script type="text/javascript" nonce="<%=scriptNonce%>">
const elems = document.querySelectorAll("div[id^='ModuleHtmlView']");
elems[0].style.display = "inline";
</script>
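Review bot: `elems[0].style.display = "inline";` dereferences the first match without checking that `querySelectorAll` found anything, and the block runs as soon as it is parsed. Since this tag is being touched anyway, consider guarding it with `if (elems.length)` or deferring it the way login.html now does with `LABKEY.Utils.onReady`.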
16 changes: 9 additions & 7 deletions sourdough/resources/views/login.html
Expand Up @@ -6,15 +6,15 @@
<input id="email" name="email" type="text" class="input-block" tabindex="1" autocomplete="off">
<label for="password">Password</label>
<div class="forgot-password-link">
<a href="login-resetPassword.view?">Forgot password</a>
<a href="login-resetPassword.view">Forgot password</a>
</div>
<input id="password" name="password" type="password" class="input-block" tabindex="2" autocomplete="off">
<input tabindex="3" type="checkbox" name="remember" id="remember" checked> Remember my email address
<div class="termsOfUseSection" hidden>
<div class="auth-header auth-item">Terms of Use</div>
<div class="toucontent auth-item termsOfUseContent"></div>
<div class="auth-item">
<input type="checkbox" tabindex="4" name="approvedTermsOfUse" id="approvedTermsOfUse" class="auth-item" unchecked>
<input type="checkbox" tabindex="4" name="approvedTermsOfUse" id="approvedTermsOfUse" class="auth-item">
<label for="approvedTermsOfUse">I agree to these terms</label>
</div>
</div>
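Review bot: the `href="login-resetPassword.view"` change and the removal of the invalid `unchecked` attribute on `approvedTermsOfUse` are not part of adding nonces, and nothing in the PR title covers them. Please mention them in the commit message so the change to the login links can be found later.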
Expand All @@ -23,7 +23,7 @@
<input type="submit" tabindex="-1" class="loginSubmitButton"/>
<a tabindex="5" class="labkey-button primary signin-btn"><span>Sign In</span></a>
<span class="registrationSection" hidden>
<a class="labkey-button" id="registerButton" href="login-register.view?">Register</a>
<a class="labkey-button" id="registerButton" href="login-register.view">Register</a>
</span>
</div>
<div class="signing-in-msg" hidden>
Expand All @@ -36,8 +36,10 @@
</div>
</form>

<script type="application/javascript" nonce="<%= scriptNonce %>">
if (LABKEY.ActionURL.getParameter('returnUrl')) {
document.getElementById('registerButton').href += 'returnUrl=' + encodeURIComponent(LABKEY.ActionURL.getParameter('returnUrl'));
}
<script type="text/javascript" nonce="<%=scriptNonce%>">
LABKEY.Utils.onReady(function() {
if (LABKEY.ActionURL.getParameter('returnUrl')) {
document.getElementById('registerButton').href += '?returnUrl=' + encodeURIComponent(LABKEY.ActionURL.getParameter('returnUrl'));
}
});
</script>
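Review bot: `document.getElementById('registerButton').href += '?returnUrl=' + ...` is only correct while the anchor's `href` has no query string or fragment, which couples this line to the `?` removal in the hunk at line 23. Building the link with `new URL(link.href)` and `searchParams.set('returnUrl', value)` would remove that coupling and handle the encoding itself. `returnUrl` is read from the request URL, so the server still has to validate it as a redirect target.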
2 changes: 1 addition & 1 deletion sourdough/resources/views/styling.html
Expand Up @@ -8,7 +8,7 @@
<img class="loaf" src="https://media.tenor.com/TTTGbs0vtOEAAAAi/bread-spin.gif" alt="bouncing bread"/>

<div>
Click <a href="<%=contextPath%>/project<%=containerPath%>/sourdough-styling.view"> here </a> to see this panel as a full page!
Click <a href="<%=contextPath%><%=containerPath%>/sourdough-styling.view"> here </a> to see this panel as a full page!
</div>
</div>
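Review bot: dropping `/project` from `<%=contextPath%><%=containerPath%>/sourdough-styling.view` changes the URL shape and is unrelated to script nonces, so please say in the commit message why it is needed. Both substitutions land inside an `href` attribute, so also confirm they are attribute-encoded on the server in case a container path contains spaces or quotes.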
