Fossil SCM
Added a nonce attribute to the <script> tag for the inline JavaScript backing the WYSIWYG wiki editor feature. Without this, modern browsers throw a CSP violation.
Commit
12a90ff44477f056fe30494ba081979eb757f82f8a2c8a63771217cb128837ab
Parent
a1437b2447512c2…
1 file changed
+1
-1
+1
-1
| --- src/wysiwyg.c | ||
| +++ src/wysiwyg.c | ||
| @@ -226,11 +226,11 @@ | ||
| 226 | 226 | |
| 227 | 227 | @ </div> |
| 228 | 228 | @ <div id="wysiwygBox" |
| 229 | 229 | @ style="resize:both; overflow:auto; width: %d(w)em; height: %d(h)em;" |
| 230 | 230 | @ contenteditable="true">%s(zContent)</div> |
| 231 | - @ <script> | |
| 231 | + @ <script nonce="%h(style_nonce())"> | |
| 232 | 232 | @ var oDoc; |
| 233 | 233 | @ |
| 234 | 234 | @ /* Initialize the document editor */ |
| 235 | 235 | @ function initDoc() { |
| 236 | 236 | @ oDoc = document.getElementById("wysiwygBox"); |
| 237 | 237 |
| --- src/wysiwyg.c | |
| +++ src/wysiwyg.c | |
| @@ -226,11 +226,11 @@ | |
| 226 | |
| 227 | @ </div> |
| 228 | @ <div id="wysiwygBox" |
| 229 | @ style="resize:both; overflow:auto; width: %d(w)em; height: %d(h)em;" |
| 230 | @ contenteditable="true">%s(zContent)</div> |
| 231 | @ <script> |
| 232 | @ var oDoc; |
| 233 | @ |
| 234 | @ /* Initialize the document editor */ |
| 235 | @ function initDoc() { |
| 236 | @ oDoc = document.getElementById("wysiwygBox"); |
| 237 |
| --- src/wysiwyg.c | |
| +++ src/wysiwyg.c | |
| @@ -226,11 +226,11 @@ | |
| 226 | |
| 227 | @ </div> |
| 228 | @ <div id="wysiwygBox" |
| 229 | @ style="resize:both; overflow:auto; width: %d(w)em; height: %d(h)em;" |
| 230 | @ contenteditable="true">%s(zContent)</div> |
| 231 | @ <script nonce="%h(style_nonce())"> |
| 232 | @ var oDoc; |
| 233 | @ |
| 234 | @ /* Initialize the document editor */ |
| 235 | @ function initDoc() { |
| 236 | @ oDoc = document.getElementById("wysiwygBox"); |
| 237 |