github-mirror/discourse
github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-03-07 06:35:26 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

CSP - extract all other inline JavaScripts (#6528)

Browse Source 
* wizard page inline js

* print topic inline js

* drop JS for preventing double submission

this is the default behavior with Rails' UJS `disable_with` helper

* omniauth complete redirect JS

* account activate inline js
This commit is contained in:
Kyle Zhao 2018-10-25 09:52:01 -04:00 committed by GitHub
parent 56e0f47bcd
commit a6eca28ec6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
14 changed files with 71 additions and 63 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
app/assets/javascripts/activate-account.js.no-module.es6 Normal file
View File

@ -0,0 +1,24 @@
(function() {
setTimeout(function() {
const $activateButton = $("#activate-account-button");
$activateButton.on("click", function() {
$activateButton.prop("disabled", true);
const hpPath = document.getElementById("data-activate-account").dataset
.path;
$.ajax(hpPath)
.then(function(hp) {
$("#password_confirmation").val(hp.value);
$("#challenge").val(
hp.challenge
.split("")
.reverse()
.join("")
);
$("#activate-account-form").submit();
})
.fail(function() {
$activateButton.prop("disabled", false);
});
});
}, 50);
})();

6
app/assets/javascripts/auto-redirect.js.no-module.es6 Normal file
View File

@ -0,0 +1,6 @@
(function() {
const path = document.getElementById("data-auto-redirect").dataset.path;
setTimeout(function() {
window.location.href = path;
}, 2000);
})();

14
app/assets/javascripts/omniauth-complete.js.no-module.es6 Normal file
View File

@ -0,0 +1,14 @@
(function() {
const { authResult, baseUrl } = document.getElementById(
"data-auth-result"
).dataset;
const parsedAuthResult = JSON.parse(authResult);
if (!window.opener) {
localStorage.setItem("lastAuthResult", authResult);
window.location.href = `${baseUrl}?authComplete=true`;
} else {
window.opener.Discourse.authenticationComplete(parsedAuthResult);
window.close();
}
})();

3
app/assets/javascripts/print-page.js Normal file
View File

@ -0,0 +1,3 @@
document.addEventListener("DOMContentLoaded", function() {
window.print();
});

4
app/assets/javascripts/wizard-start.js.no-module.es6 Normal file
View File

@ -0,0 +1,4 @@
(function() {
var wizard = require("wizard/wizard").default.create();
wizard.start();
})();

6
app/views/topics/show.html.erb
View File

@ -110,10 +110,6 @@
color: #0088cc !important; color: #0088cc !important;
} }
</style> </style>
<script> <%= preload_script('print-page') %>
document.addEventListener("DOMContentLoaded", function() {
window.print();
});
</script>
<% end %> <% end %>
<% end %> <% end %>

14
app/views/user_api_keys/new.html.erb
View File

@ -28,20 +28,8 @@
<%= hidden_field_tag 'push_url', @push_url %> <%= hidden_field_tag 'push_url', @push_url %>
<%= hidden_field_tag 'public_key', @public_key%> <%= hidden_field_tag 'public_key', @public_key%>
<%= hidden_field_tag 'scopes', @scopes%> <%= hidden_field_tag 'scopes', @scopes%>
<%= submit_tag t('user_api_key.authorize'), class: 'btn btn-danger', id: 'submit' %> <%= submit_tag t('user_api_key.authorize'), class: 'btn btn-danger' %>
<% end %> <% end %>
<script>
window.__submitted = false;
// prevent double submission which would invalidate the nonce
document.getElementById('submit').addEventListener('click', function(e){
if (window.__submitted) {
e.preventDefault();
} else {
window.__submitted = true;
}
});
</script>
</div> </div>
<% end %> <% end %>

7
app/views/users/_auto_redirect_home.html.erb
View File

@ -1,7 +0,0 @@
<script language="javascript">
(function() {
setTimeout(function() {
window.location.href = '<%= path("/") %>';
}, 2000);
})();
</script>

19
app/views/users/activate_account.html.erb
View File

@ -13,22 +13,7 @@
<%= preload_script "ember_jquery" %> <%= preload_script "ember_jquery" %>
<%= preload_script "vendor" %> <%= preload_script "vendor" %>
<%= render_google_universal_analytics_code %> <%= render_google_universal_analytics_code %>
<%= tag.meta id: 'data-activate-account', data: { path: path('/u/hp') } %>
<%- end %> <%- end %>
<script language="javascript"> <%= preload_script "activate-account" %>
(function() {
setTimeout(function() {
var $activateButton = $('#activate-account-button');
$activateButton.on('click', function() {
$activateButton.prop('disabled', true);
$.ajax("<%= path "/u/hp" %>").then(function(hp) {
$('#password_confirmation').val(hp.value);
$('#challenge').val(hp.challenge.split("").reverse().join(""));
$('#activate-account-form').submit();
}).fail(function() {
$activateButton.prop('disabled', false);
});
});
}, 50);
})();
</script>

17
app/views/users/omniauth_callbacks/complete.html.erb
View File

@ -15,6 +15,11 @@
border-bottom-color: #999; border-bottom-color: #999;
} }
</style> </style>
<%= tag.meta id: 'data-auth-result', data: {
auth_result: @auth_result.to_client_hash,
base_url: Discourse.base_url
} %>
<%= preload_script('omniauth-complete') %>
</head> </head>
<body> <body>
@ -23,18 +28,6 @@
<%=t "login.auth_complete" %> <%=t "login.auth_complete" %>
<a href="<%= Discourse.base_url.html_safe %>?authComplete=true"><%= t("login.click_to_continue") %></a> <a href="<%= Discourse.base_url.html_safe %>?authComplete=true"><%= t("login.click_to_continue") %></a>
</p> </p>
<script type="text/javascript">
var authResult = <%=@auth_result.to_client_hash.to_json.html_safe%>;
if (!window.opener) {
localStorage.setItem('lastAuthResult', JSON.stringify(authResult));
window.location.href = '<%= Discourse.base_url.html_safe %>?authComplete=true';
} else {
window.opener.Discourse.authenticationComplete(authResult);
window.close();
}
</script>
</div> </div>
</body> </body>
</html> </html>

5
app/views/users/perform_account_activation.html.erb
View File

@ -13,7 +13,10 @@
<% else %> <% else %>
<p><%= t('activation.please_continue') %></p> <p><%= t('activation.please_continue') %></p>
<p><a class="btn" href="<%= path "/" %>"><%= t('activation.continue_button', site_name: SiteSetting.title) -%></a></p> <p><a class="btn" href="<%= path "/" %>"><%= t('activation.continue_button', site_name: SiteSetting.title) -%></a></p>
<%= render partial: 'auto_redirect_home' %> <%- content_for(:no_ember_head) do %>
<%= tag.meta id: 'data-auto-redirect', data: { path: path('/') } %>
<%- end %>
<%= preload_script 'auto-redirect' %>
<% end %> <% end %>
<%end%> <%end%>
</div> </div>

8
app/views/wizard/index.html.erb
View File

@ -17,12 +17,6 @@
<body class='wizard'> <body class='wizard'>
<div id='wizard-main'></div> <div id='wizard-main'></div>
<%= preload_script 'wizard-start' %>
<script>
(function() {
var wizard = require('wizard/wizard').default.create();
wizard.start();
})();
</script>
</body> </body>
</html> </html>

5
config/application.rb
View File

@ -121,6 +121,11 @@ module Discourse
google-universal-analytics.js google-universal-analytics.js
preload-application-data.js preload-application-data.js
authentication-complete.js authentication-complete.js
print-page.js
omniauth-complete.js
activate-account.js
auto-redirect.js
wizard-start.js
} }
# Precompile all available locales # Precompile all available locales

2
spec/views/omniauth_callbacks/complete.html.erb_spec.rb
View File

@ -6,7 +6,7 @@ require_dependency "auth/result"
describe "users/omniauth_callbacks/complete.html.erb" do describe "users/omniauth_callbacks/complete.html.erb" do
let :rendered_data do let :rendered_data do
JSON.parse(rendered.match(/var authResult = (.*);/)[1]) JSON.parse(rendered.match(/data-auth-result="([^"]*)"/)[1].gsub('&quot;', '"'))
end end
it "renders auth info" do it "renders auth info" do