
github.com/diaspora/diaspora.git - Unnamed repository; edit this file 'description' to name the repository.
authorBenjamin Neff <benjamin@coding4coffee.ch>2016-09-08 03:23:46 +0300
committerDennis Schubert <mail@dennis-schubert.de>2016-09-30 03:10:37 +0300
commit6ec0fd4b9fa6ca407529af2584d06100c983c76e (patch)
tree2b06c581ae1014183dc1b70ad769b56da2c9bf5d /app/views
parent4da1c78bb77a6f02179433cf24ce4b1235d13abd (diff)
Add nonce to javascript tags
Diffstat (limited to 'app/views')
-rw-r--r--app/views/conversations/new.mobile.haml37
-rw-r--r--app/views/layouts/application.html.haml2
-rw-r--r--app/views/layouts/application.mobile.haml2
3 files changed, 21 insertions, 20 deletions
diff --git a/app/views/conversations/new.mobile.haml b/app/views/conversations/new.mobile.haml
index 32d328b0f..6a7a1c0da 100644
--- a/app/views/conversations/new.mobile.haml
+++ b/app/views/conversations/new.mobile.haml
@@ -2,25 +2,26 @@
-# licensed under the Affero General Public License version 3 or later. See
-# the COPYRIGHT file.
-:javascript
- $(document).ready(function () {
- var data = $.parseJSON( "#{escape_javascript(@contacts_json)}" ),
- autocompleteInput = $("#contact-autocomplete");
+%script{nonce: content_security_policy_nonce(:script)}
+ :plain
+ $(document).ready(function () {
+ var data = $.parseJSON( "#{escape_javascript(@contacts_json).html_safe}" ),
+ autocompleteInput = $("#contact-autocomplete");
- autocompleteInput.autoSuggest(data, {
- selectedItemProp: "name",
- searchObjProps: "name",
- asHtmlID: "contact_ids",
- retrieveLimit: 10,
- minChars: 1,
- keyDelay: 0,
- startText: '',
- emptyText: "#{t('no_results')}",
- preFill: [{name : "#{h params[:name]}",
- value : "#{@contact_ids}"}]
- });
- autocompleteInput.focus();
- });
+ autocompleteInput.autoSuggest(data, {
+ selectedItemProp: "name",
+ searchObjProps: "name",
+ asHtmlID: "contact_ids",
+ retrieveLimit: 10,
+ minChars: 1,
+ keyDelay: 0,
+ startText: '',
+ emptyText: "#{t("no_results")}",
+ preFill: [{name : "#{h params[:name]}",
+ value : "#{@contact_ids}"}]
+ });
+ autocompleteInput.focus();
+ });
.col-md-6#new_conversation_pane
.container-fluid.row
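Review bot: The `preFill` values on the new side are still interpolated into JavaScript string literals with HTML escaping (`h params[:name]`) or with no visible escaping (`@contact_ids`) rather than JavaScript-string escaping, and this block now carries a script nonce, so the content security policy will not restrain anything that ends up inside it. `h` leaves backslashes and line terminators untouched, and both are significant inside a JS string literal; the `@contacts_json` line already shows the right pattern. I would write `name : "#{escape_javascript(h(params[:name])).html_safe}",` and `value : "#{escape_javascript(@contact_ids.to_s).html_safe}"}]`, keeping `h` in case autoSuggest inserts the name as HTML, which is not visible here. Where `@contact_ids` is assigned is outside this hunk, so confirm whether it is request-derived.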
diff --git a/app/views/layouts/application.html.haml b/app/views/layouts/application.html.haml
index 0b5b44be1..7903dd88b 100644
--- a/app/views/layouts/application.html.haml
+++ b/app/views/layouts/application.html.haml
@@ -41,7 +41,7 @@
= csrf_meta_tag
- = include_gon(camel_case: true)
+ = include_gon(camel_case: true, nonce: content_security_policy_nonce(:script))
%body{ class: "page-#{controller_name} action-#{action_name}" }
= yield :before_content
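Review bot: Nothing at the `include_gon` call says why the nonce is passed or what it depends on, and the same applies to the identical change in app/views/layouts/application.mobile.haml. A Haml comment above the line, such as `-# gon renders an inline <script>; it needs the per-response nonce to run under the script-src policy`, would help the next maintainer. If the nonce is generated per response, as the helper name suggests, the comment should also say that this layout must not be served from a page or fragment cache, since a cached nonce would no longer match the header.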
diff --git a/app/views/layouts/application.mobile.haml b/app/views/layouts/application.mobile.haml
index 3a26380f8..819a215b2 100644
--- a/app/views/layouts/application.mobile.haml
+++ b/app/views/layouts/application.mobile.haml
@@ -52,7 +52,7 @@
= yield(:head)
- = include_gon(:camel_case => true)
+ = include_gon(camel_case: true, nonce: content_security_policy_nonce(:script))
%body
#app
= render "layouts/header"