diff --git a/src/backoffice/templates/backoffice/activitylog_card.html b/src/backoffice/templates/backoffice/activitylog_card.html index c3309797c96c3afb8c2db3a8898ee7854f775bcf..7e4d50eb530ae406f07ac6a45ea900fc9148eae8 100644 --- a/src/backoffice/templates/backoffice/activitylog_card.html +++ b/src/backoffice/templates/backoffice/activitylog_card.html @@ -112,7 +112,7 @@ </div> {% endif %} -<script> +<script nonce="{{ request.csp_nonce }}"> alc_div = document.getElementById("logentries_{{ alc_ident }}"); // make "visible log entries" selector visible and click the "w/ msg only" one document.getElementById("visible_logentries_{{ alc_ident }}").classList.remove("d-none"); diff --git a/src/backoffice/templates/backoffice/assembly_event.html b/src/backoffice/templates/backoffice/assembly_event.html index fba3d006bf81fa6905b6c6f1773281b663b4d6c5..ccbd41d97aa9e85622f25b3c3795ed276a0cb7d4 100644 --- a/src/backoffice/templates/backoffice/assembly_event.html +++ b/src/backoffice/templates/backoffice/assembly_event.html @@ -12,7 +12,7 @@ {% endblock title %} {% block scripts %} <script src="{% static "backoffice/modal.js" %}"></script> - <script> + <script nonce="{{ request.csp_nonce }}"> $(document).ready(() => { showModal = registerModal() publishEvent = document.getElementById('publishEvent'); diff --git a/src/backoffice/templates/backoffice/assembly_events.html b/src/backoffice/templates/backoffice/assembly_events.html index 3229cb926bff88470fcbdd91d14cf664501a2857..103bc5842fa9e2758e58608f80f834da2dea67d7 100644 --- a/src/backoffice/templates/backoffice/assembly_events.html +++ b/src/backoffice/templates/backoffice/assembly_events.html @@ -13,7 +13,7 @@ {% block scripts %} <script src="{% static 'vendor/datatables/datatables.min.js' %}"></script> - <script> + <script nonce="{{ request.csp_nonce }}"> $(document).ready(function() { $('#events').DataTable({ pageLength: 100, 
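Review bot: `"logentries_{{ alc_ident }}"` is interpolated into a script body that the nonce now marks as trusted, but Django's autoescaping is HTML escaping and does not neutralise backslashes or line terminators inside a JavaScript string literal. With a nonce-based policy, CSP no longer limits what a value that breaks out inside this block can do, so JS-escape it as assembly_room_wa_linterblock.html already does: `alc_div = document.getElementById("logentries_{{ alc_ident|escapejs }}");`. The same applies to `'{{ floor_id }}'` in core/map.html and to `vocStream: "{{ vocStream }}"` in plainui/components/integrations.html.j2, where Jinja2's `{{ vocStream | tojson }}` (without the surrounding quotes) is the equivalent. Whether these values can carry user input is not visible in the hunks, and this script continues past the end of the hunk.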
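Review bot: The `<script src="{% static "backoffice/modal.js" %}">` tag directly above the patched one gets no nonce, and the same holds for the other `src=` scripts visible in this commit (datatables, d3, leaflet, bootstrap). That is fine only while `script-src` keeps a host or `'self'` source for them; under a nonce-only policy or one using `'strict-dynamic'` those files would be blocked. The policy itself is not part of this diff, so this is a request to confirm rather than a confirmed defect; if it is needed the change is `<script nonce="{{ request.csp_nonce }}" src="…">`.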
diff --git a/src/backoffice/templates/backoffice/assembly_list.html b/src/backoffice/templates/backoffice/assembly_list.html index 7943e7a39b4de0cc50a14c290fb1547cc68f5348..6afad8c85879faf8b4417388d0b13798eaf9d620 100644 --- a/src/backoffice/templates/backoffice/assembly_list.html +++ b/src/backoffice/templates/backoffice/assembly_list.html @@ -10,7 +10,7 @@ {% block scripts %} <script src="{% static 'vendor/datatables/datatables.min.js' %}"></script> - <script> + <script nonce="{{ request.csp_nonce }}"> $(document).ready(function() { $('#assemblies').DataTable({ pageLength: 100, diff --git a/src/backoffice/templates/backoffice/assembly_room_wa_linterblock.html b/src/backoffice/templates/backoffice/assembly_room_wa_linterblock.html index 3bae576a72a4731999699b70a438e9b72ea9cb52..4fdf7557963eee192fb6ded04449e4c5c8a6b738 100644 --- a/src/backoffice/templates/backoffice/assembly_room_wa_linterblock.html +++ b/src/backoffice/templates/backoffice/assembly_room_wa_linterblock.html @@ -43,7 +43,7 @@ <script src="{% static 'vendor/d3/d3.js' %}"></script> <script src="{% static 'vendor/d3/d3-graphviz.js' %}"></script> <div id="exitgraph"></div> - <script> + <script nonce="{{ request.csp_nonce }}"> d3.select("#exitgraph") .graphviz() .dot("{{ wa_linter.exitGraph | escapejs }}") diff --git a/src/backoffice/templates/backoffice/conferences/publication_edit.html b/src/backoffice/templates/backoffice/conferences/publication_edit.html index 6675e1e67892a7e2de09b1a73beb557c16906ac4..3587660002367888d1b2afb96090fa3097ca5972 100644 --- a/src/backoffice/templates/backoffice/conferences/publication_edit.html +++ b/src/backoffice/templates/backoffice/conferences/publication_edit.html @@ -11,7 +11,7 @@ {% endblock title %} {% block scripts %} <script src="{% static "backoffice/modal.js" %}"></script> - <script> + <script nonce="{{ request.csp_nonce }}"> $(document).ready(() => { showModal = registerModal() publishConference = document.getElementById('publishConference'); 
diff --git a/src/backoffice/templates/backoffice/conferences/registration_edit.html b/src/backoffice/templates/backoffice/conferences/registration_edit.html index 0fd704f437c4d226339bfc53b95ce7147c717a66..9b3c5aa49164246697b123f2c418bc40b85b79e2 100644 --- a/src/backoffice/templates/backoffice/conferences/registration_edit.html +++ b/src/backoffice/templates/backoffice/conferences/registration_edit.html @@ -11,7 +11,7 @@ {% endblock title %} {% block scripts %} <script src="{% static "backoffice/modal.js" %}"></script> - <script> + <script nonce="{{ request.csp_nonce }}"> $(document).ready(() => { showModal = registerModal() publishConference = document.getElementById('publishConference'); diff --git a/src/backoffice/templates/backoffice/event/list.html b/src/backoffice/templates/backoffice/event/list.html index 4ce972dd2a88167b0c6702e29f6dd85a13164306..14df4bad69f24ae365fffc5f8d2ad3f9b503e1ae 100644 --- a/src/backoffice/templates/backoffice/event/list.html +++ b/src/backoffice/templates/backoffice/event/list.html @@ -10,7 +10,7 @@ {% block scripts %} <script src="{% static 'vendor/datatables/datatables.min.js' %}"></script> - <script>{% include "backoffice/event/components/list_script.js" %}</script> + <script nonce="{{ request.csp_nonce }}">{% include "backoffice/event/components/list_script.js" %}</script> {% endblock scripts %} {% block content %} diff --git a/src/backoffice/templates/backoffice/map_floor_list.html b/src/backoffice/templates/backoffice/map_floor_list.html index 3fb085ee97647215022f7c5af285caf9e2c61469..53f15955a650b79cca8080be88cdc6f9f88f74f5 100644 --- a/src/backoffice/templates/backoffice/map_floor_list.html +++ b/src/backoffice/templates/backoffice/map_floor_list.html @@ -10,7 +10,7 @@ {% block scripts %} <script src="{% static 'vendor/datatables/datatables.min.js' %}"></script> - <script> + <script nonce="{{ request.csp_nonce }}"> $(document).ready(function() { $('#pois').DataTable({ pageLength: 100, 
diff --git a/src/backoffice/templates/backoffice/map_poi_list.html b/src/backoffice/templates/backoffice/map_poi_list.html index fe3088da3deb1b0b102509f7ad3fbef025873e13..f8560e6f19a613452cbdafa141a28d52ad1e54c5 100644 --- a/src/backoffice/templates/backoffice/map_poi_list.html +++ b/src/backoffice/templates/backoffice/map_poi_list.html @@ -10,7 +10,7 @@ {% block scripts %} <script src="{% static 'vendor/datatables/datatables.min.js' %}"></script> - <script> + <script nonce="{{ request.csp_nonce }}"> $(document).ready(function() { $('#pois').DataTable({ pageLength: 100, diff --git a/src/backoffice/templates/backoffice/moderation_assembly-list.html b/src/backoffice/templates/backoffice/moderation_assembly-list.html index 20bc65dbb3f4be0aa311211c333c40a9f313df0d..909e2c49cad869c6f6689e6bc69b642fed11dbb2 100644 --- a/src/backoffice/templates/backoffice/moderation_assembly-list.html +++ b/src/backoffice/templates/backoffice/moderation_assembly-list.html @@ -10,7 +10,7 @@ {% block scripts %} <script src="{% static 'vendor/datatables/datatables.min.js' %}"></script> - <script> + <script nonce="{{ request.csp_nonce }}"> $(document).ready(function() { $('#assemblies').DataTable({ pageLength: 100, diff --git a/src/backoffice/templates/backoffice/moderation_badge-list.html b/src/backoffice/templates/backoffice/moderation_badge-list.html index 170d5823fd427129924c53b350f24e80ff9c7ced..7ee761343e715fea4a83514b47cc329ac516495d 100644 --- a/src/backoffice/templates/backoffice/moderation_badge-list.html +++ b/src/backoffice/templates/backoffice/moderation_badge-list.html @@ -10,7 +10,7 @@ {% block scripts %} <script src="{% static 'vendor/datatables/datatables.min.js' %}"></script> - <script> + <script nonce="{{ request.csp_nonce }}"> $(document).ready(function() { $('#badges').DataTable({ pageLength: 100, 
diff --git a/src/backoffice/templates/backoffice/moderation_base.html b/src/backoffice/templates/backoffice/moderation_base.html index ac969027df52930179b5d0e569b1ba77170a7eb1..549b8a105a3f5404bd07e1016911aad768dafa74 100644 --- a/src/backoffice/templates/backoffice/moderation_base.html +++ b/src/backoffice/templates/backoffice/moderation_base.html @@ -4,7 +4,7 @@ {% block scripts %} <script src="{% static "backoffice/modal.js" %}"></script> - <script> + <script nonce="{{ request.csp_nonce }}"> $(document).ready(() => { showModal = registerModal() diff --git a/src/backoffice/templates/backoffice/moderation_board-list.html b/src/backoffice/templates/backoffice/moderation_board-list.html index 986750ecfd8902e09ae3ed92926b7aa0f04195b3..f8ea68958f413619b8a38c40da4114cb0f4bdb15 100644 --- a/src/backoffice/templates/backoffice/moderation_board-list.html +++ b/src/backoffice/templates/backoffice/moderation_board-list.html @@ -10,7 +10,7 @@ {% block scripts %} <script src="{% static 'vendor/datatables/datatables.min.js' %}"></script> - <script> + <script nonce="{{ request.csp_nonce }}"> $(document).ready(function() { $('#entries').DataTable({ pageLength: 100, diff --git a/src/backoffice/templates/backoffice/moderation_user-list.html b/src/backoffice/templates/backoffice/moderation_user-list.html index 8d82c41fe65f8f14334dfd8c4ac331d6a7de16e0..2f935964662994a9081a526bb8b34a33bc101b44 100644 --- a/src/backoffice/templates/backoffice/moderation_user-list.html +++ b/src/backoffice/templates/backoffice/moderation_user-list.html @@ -10,7 +10,7 @@ {% block scripts %} <script src="{% static 'vendor/datatables/datatables.min.js' %}"></script> - <script> + <script nonce="{{ request.csp_nonce }}"> $(document).ready(function() { $('#users').DataTable({ pageLength: 100, 
diff --git a/src/backoffice/templates/backoffice/moderation_wiki-list.html b/src/backoffice/templates/backoffice/moderation_wiki-list.html index d30fe275b7292ae9de26998a11da38934842b518..30252e582e50aee53ac38d69e6cb024219c7187b 100644 --- a/src/backoffice/templates/backoffice/moderation_wiki-list.html +++ b/src/backoffice/templates/backoffice/moderation_wiki-list.html @@ -10,7 +10,7 @@ {% block scripts %} <script src="{% static 'vendor/datatables/datatables.min.js' %}"></script> - <script> + <script nonce="{{ request.csp_nonce }}"> $(document).ready(function() { $('#pages').DataTable({ pageLength: 100, diff --git a/src/backoffice/templates/backoffice/project/create_edit.html b/src/backoffice/templates/backoffice/project/create_edit.html index aa15146a2fd030336298fb1aac4041b080c43c49..f88aa7700b87ca8af0de19d4b2484f9645cc2641 100644 --- a/src/backoffice/templates/backoffice/project/create_edit.html +++ b/src/backoffice/templates/backoffice/project/create_edit.html @@ -13,7 +13,7 @@ {% block scripts %} <script src="{% static "backoffice/form-add.js" %}"></script> <script src="{% static "backoffice/modal.js" %}"></script> - <script> + <script nonce="{{ request.csp_nonce }}"> $(document).ready(() => { showModal = registerModal() publishProject = document.getElementById('publishProject'); diff --git a/src/backoffice/templates/backoffice/project/list.html b/src/backoffice/templates/backoffice/project/list.html index 72ecd1ad12fbfab3bd05953034bcd806d8a89034..868c9b2f7b0e5fde9ecf2e411f2a6220a3b27649 100644 --- a/src/backoffice/templates/backoffice/project/list.html +++ b/src/backoffice/templates/backoffice/project/list.html @@ -16,7 +16,7 @@ {% block scripts %} <script src="{% static 'vendor/datatables/datatables.min.js' %}"></script> - <script>{% include "backoffice/project/components/list_script.js" %}</script> + <script nonce="{{ request.csp_nonce }}">{% include "backoffice/project/components/list_script.js" %}</script> {% endblock scripts %} {% block content %} 
diff --git a/src/backoffice/templates/backoffice/sos.html b/src/backoffice/templates/backoffice/sos.html index ca441a001aff5b8ce866161cf98ec24455a6380e..1dcb9f2c312162083fa8d6f5e7d2f3d5dae4b686 100644 --- a/src/backoffice/templates/backoffice/sos.html +++ b/src/backoffice/templates/backoffice/sos.html @@ -13,8 +13,8 @@ {% block scripts %} <script src="{% static 'vendor/datatables/datatables.min.js' %}"></script> - <script>{% include "backoffice/event/components/list_script.js" %}</script> - <script>{% include "backoffice/project/components/list_script.js" %}</script> + <script nonce="{{ request.csp_nonce }}">{% include "backoffice/event/components/list_script.js" %}</script> + <script nonce="{{ request.csp_nonce }}">{% include "backoffice/project/components/list_script.js" %}</script> {% endblock scripts %} {% block content %} diff --git a/src/backoffice/templates/backoffice/sos_create_edit.html b/src/backoffice/templates/backoffice/sos_create_edit.html index 2669294582d8655faa6dc029aad71053ce63c879..33d7a9d3ceed74841ee479251ed492681870590a 100644 --- a/src/backoffice/templates/backoffice/sos_create_edit.html +++ b/src/backoffice/templates/backoffice/sos_create_edit.html @@ -12,7 +12,7 @@ {% endblock title %} {% block scripts %} <script src="{% static "backoffice/modal.js" %}"></script> - <script> + <script nonce="{{ request.csp_nonce }}"> $(document).ready(() => { showModal = registerModal() publishEvent = document.getElementById('publishEvent'); diff --git a/src/backoffice/templates/backoffice/wa-map-detail.html b/src/backoffice/templates/backoffice/wa-map-detail.html index add7aac05150983fa5db5d698c6eac71899f0caa..741acf21494e2c50f6849370fc8f268b6ad239d9 100644 --- a/src/backoffice/templates/backoffice/wa-map-detail.html +++ b/src/backoffice/templates/backoffice/wa-map-detail.html 
@@ -3,7 +3,7 @@ {% load i18n %} {% block scripts %} - <script> + <script nonce="{{ request.csp_nonce }}"> $(function() { function changeEdit(id) { $(id).attr('disabled', function(i, v) { return !v; }); diff --git a/src/backoffice/templates/backoffice/wa-map-list.html b/src/backoffice/templates/backoffice/wa-map-list.html index 2d7a0f159b67babec8df3a4f6e6b117665b98bb1..95e2c94eefdbdad812151fcc6376231d2ad66bf9 100644 --- a/src/backoffice/templates/backoffice/wa-map-list.html +++ b/src/backoffice/templates/backoffice/wa-map-list.html @@ -9,7 +9,7 @@ {% block scripts %} <script src="{% static 'vendor/datatables/datatables.min.js' %}"></script> - <script> + <script nonce="{{ request.csp_nonce }}"> $(document).ready(function() { $('#wa-maps').DataTable({ pageLength: 100, diff --git a/src/backoffice/templates/backoffice/wiki_lock_list.html b/src/backoffice/templates/backoffice/wiki_lock_list.html index 2d0213a6cf4af94a3cf48357de097bc7285d3cae..0b04fd024bbec54e5e260aa49065692d7145febf 100644 --- a/src/backoffice/templates/backoffice/wiki_lock_list.html +++ b/src/backoffice/templates/backoffice/wiki_lock_list.html @@ -5,7 +5,7 @@ {% block scripts %} <script src="{% static "backoffice/modal.js" %}"></script> - <script> + <script nonce="{{ request.csp_nonce }}"> $(document).ready(() => { showModal = registerModal() diff --git a/src/core/templates/core/map.html b/src/core/templates/core/map.html index 5f038ccef24a2c7c3ef8dd29cdde6ab248d39847..8b976f4f8a5247c74024a93fae0b92080490f931 100644 --- a/src/core/templates/core/map.html +++ b/src/core/templates/core/map.html @@ -7,7 +7,7 @@ <div id="{{ mapid }}" style="width: 100%; min-height: 35em;"></div> </div> {% with mapstyleid=mapid|add:"_style" %}{{ map_config.style|json_script:mapstyleid }}{% endwith %} - <script> + <script nonce="{{ request.csp_nonce }}"> window.addEventListener("load", function () { const initial_floor_idx = {% if floor_id %}document.getElementById('{{ floor_id }}').value{% else %}null{% endif %}; 
diff --git a/src/core/templates/oauth2_provider/out-of-band-display-token.html b/src/core/templates/oauth2_provider/out-of-band-display-token.html index 69075acc857a6c258a4451675445fc17543bcccc..c728f6a8fcbb354912efa544df514d0df7bd7601 100644 --- a/src/core/templates/oauth2_provider/out-of-band-display-token.html +++ b/src/core/templates/oauth2_provider/out-of-band-display-token.html @@ -27,7 +27,7 @@ #token { font-family: monospace; } .hidden { display: none; } </style> - <script> + <script nonce="{{ request.csp_nonce }}"> document.addEventListener("DOMContentLoaded", function(){ document.querySelector('#token').innerHTML = new URLSearchParams(window.location.hash.slice(1)).get("access_token"); diff --git a/src/plainui/jinja2/plainui/base.html.j2 b/src/plainui/jinja2/plainui/base.html.j2 index 28224f4ef21ee905c84ab93bebc22f860c4af88c..56ffe2bec224ba3d75c9336437292297eaf2e18a 100644 --- a/src/plainui/jinja2/plainui/base.html.j2 +++ b/src/plainui/jinja2/plainui/base.html.j2 @@ -25,7 +25,7 @@ <script src="{{ static('vendor/map/leaflet.js') }}"></script> <link href="{{ static('vendor/map/leaflet.draw.css') }}" rel='stylesheet' /> <script src="{{ static('vendor/map/leaflet.draw.js') }}"></script> - <script> + <script nonce="{{request.csp_nonce}}"> document.addEventListener('DOMContentLoaded', (e) => { document.querySelector('html').classList.remove('no-js'); document.querySelector('html').classList.add('js'); @@ -119,7 +119,7 @@ </body> <script async src="{{ static('plainui/vendor/bootstrap5/bootstrap.bundle.min.js') }}" /></script> - <script> + <script nonce="{{request.csp_nonce}}"> setTimeout(() => { var options = { html: true, diff --git a/src/plainui/jinja2/plainui/components/integrations.html.j2 b/src/plainui/jinja2/plainui/components/integrations.html.j2 index fadb327557c83d0e7030e8a67c4ed44e222e3e36..4d00e5b7ff442a084a26a5cff018c8c0a7ed315a 100644 --- a/src/plainui/jinja2/plainui/components/integrations.html.j2 
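Review bot: The `#token` element is filled through `innerHTML` with a value read from `window.location.hash`, which is controlled by whoever builds the link, so markup in the fragment is parsed into a page that displays an access token. Assign it as text instead: `document.querySelector('#token').textContent = new URLSearchParams(window.location.hash.slice(1)).get("access_token");`. The nonce added here makes the policy stop injected inline script, but it does not stop injected markup such as forms or links, so the sink should be fixed rather than left to CSP. The `DOMContentLoaded` handler continues outside the hunk.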
+++ b/src/plainui/jinja2/plainui/components/integrations.html.j2 @@ -1,7 +1,7 @@ {% macro vocPlayer(playerId='player', vocStream=None, vocLecture=None) -%} <div id="{{ playerId }}" class="hub_voc_player"></div> - <script> + <script nonce="{{ request.csp_nonce }}"> new VOCPlayer.Player({ {% if vocStream -%} vocStream: "{{ vocStream }}", diff --git a/src/plainui/jinja2/plainui/components/map.html.j2 b/src/plainui/jinja2/plainui/components/map.html.j2 index 8c1f7d8bbed58a47fe12669016c3a53b73a22b2f..ee3960cd440d9e347cc97d86842f03fa93fe1cb2 100644 --- a/src/plainui/jinja2/plainui/components/map.html.j2 +++ b/src/plainui/jinja2/plainui/components/map.html.j2 @@ -3,7 +3,7 @@ {% set map_start_pos = map_config["start"] %} <div id="{{ map_container_id }}" style="width: 100%; min-height: 20em;"></div> - <script> + <script nonce="{{ request.csp_nonce }}"> const style = {{ map_config.style|tojson|safe }}; const map = new maplibregl.Map({ diff --git a/src/plainui/jinja2/plainui/public_fahrplan.html.j2 b/src/plainui/jinja2/plainui/public_fahrplan.html.j2 index 269151d901ecce9f10c02fc6356eadd88e58fd57..81e48466058bca83e0ef532a005d3b5029fb8dd0 100644 --- a/src/plainui/jinja2/plainui/public_fahrplan.html.j2 +++ b/src/plainui/jinja2/plainui/public_fahrplan.html.j2 @@ -16,7 +16,7 @@ <meta name="viewport" content="width=device-width, initial-scale=1"> {% block head %} {% endblock head %} - <script> + <script nonce="{{ request.csp_nonce }}"> document.addEventListener('DOMContentLoaded', (e) => { document.querySelector('html').classList.remove('no-js'); document.querySelector('html').classList.add('js'); diff --git a/src/plainui/jinja2/plainui/static_page_edit.html.j2 b/src/plainui/jinja2/plainui/static_page_edit.html.j2 index 740c85f12a3b6dc491a1a08b7253c1c9964061fb..4a092a612003554858a762f5af01d467eb302aea 100644 --- a/src/plainui/jinja2/plainui/static_page_edit.html.j2 +++ b/src/plainui/jinja2/plainui/static_page_edit.html.j2 
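Review bot: `request.csp_nonce` is read inside the `vocPlayer` macro, and Jinja2 does not pass the caller's context to macros brought in with a plain `{% import %}` or `{% from … import … %}`. Unless `request` is an environment global or the import is written `with context`, the lookup either raises or renders an empty nonce, and the browser then blocks the player script. How this file is imported is not visible here, so confirm the call sites use `{% from … import vocPlayer with context %}`, or give the macro a `nonce` parameter and pass `request.csp_nonce` from the caller. The macro body continues outside the hunk.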
@@ -36,14 +36,15 @@ {% endif %} {% if preview_body is defined %} <article class="pb-11 my-4 hub-card"> - <h2 class="hub-section-title">{{ _('Preview') }}</h2> + <h2 class="hub-section-title">{{ _("Preview") }}</h2> {{ markdownMacro.markdown(markdown=preview_body | safe, customClass="p-2 rounded") }} </article> {% endif %} - <form method="post" class="hub-card" + <form method="post" + class="hub-card" action="{{ url('plainui:static_page_edit', page_slug=page_slug) }}{{ '?rev=' + revision if revision else '' }}"> - <h2 class="hub-section-title">{{ _('Wiki__edit') }}</h2> + <h2 class="hub-section-title">{{ _("Wiki__edit") }}</h2> {%- if not_latest_revision %} {% call alert.warning() %} @@ -63,7 +64,10 @@ {{ _("Save") }} {% if page.is_localized %}({{ get_language() }}){% endif %} </button> - <button type="submit" name="preview" value="true" class="btn btn-secondary mx-1">{{ _("Preview") }}</button> + <button type="submit" + name="preview" + value="true" + class="btn btn-secondary mx-1">{{ _("Preview") }}</button> {%- endif %} </div> <div class="col d-flex justify-content-end"> @@ -77,7 +81,7 @@ {% block jstools %} {% if page_slug and lock_id %} - <script> + <script nonce="{{ request.csp_nonce }}"> const data = new URLSearchParams(); data.append('page_slug', {{ page_slug | tojson }}); data.append('lock_id', {{ lock_id | tojson }});