From ce1a22a6a96a513fcbc9cf7a65cafb606edd1a51 Mon Sep 17 00:00:00 2001
From: Jeroen De Meerleer
Date: Tue, 1 Feb 2022 14:29:19 +0100
Subject: [PATCH] BUGFIX: implemented CSP
---
 assets/js/job/index.js | 9 +++++++++
 assets/js/job/view.js | 26 +++++--------------------
 lib/Framework/Router.php | 3 +++
 lib/Framework/Twig.php | 2 +-
 4 files changed, 18 insertions(+), 22 deletions(-)
diff --git a/assets/js/job/index.js b/assets/js/job/index.js
index 259e436..c0352c0 100644
--- a/assets/js/job/index.js
+++ b/assets/js/job/index.js
@@ -5,9 +5,18 @@ document.addEventListener("readystatechange", event => {
 if(event.target.readyState === 'complete') {
 initDeleteButtons();
 initRunNowButtons();
+ initTags();
 }
 });
+function initTags() {
+ document.querySelectorAll('.tag').forEach(elem => {
+ let backcolor = elem.dataset.backgroundColor;
+ let frontcolor = elem.dataset.color;
+ elem.style.backgroundColor = backcolor;
+ elem.style.color = frontcolor;
+ })
+}
 function initDeleteButtons() {
 document.querySelectorAll('.delete-btn').forEach(elem => elem.addEventListener("click", event => {
 let me = event.currentTarget;
diff --git a/assets/js/job/view.js b/assets/js/job/view.js
index 3efe111..6cc0538 100644
--- a/assets/js/job/view.js
+++ b/assets/js/job/view.js
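Review bot: The `initTags` added to assets/js/job/index.js is repeated line for line in the assets/js/job/view.js hunk, and neither copy says why the colours travel through `data-*` attributes. I would keep a single copy in a shared module (the removed view.js lines reference a `Utils` object, which looks like a candidate) and put a comment above it such as `// CSP style-src 'self' blocks inline style attributes, so tag colours arrive in data-* attributes and are applied through the CSSOM`. Inside the callback the two locals are never reassigned, so `const` fits better than `let`, and the closing `})` is missing its semicolon.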
@@ -7,26 +7,10 @@ document.addEventListener("readystatechange", event => {
 });
 function initTags() {
- var tags = JSON.parse(localStorage.getItem('tags')) ?? new Object();
- var collected = Object.keys(tags);
- document.querySelectorAll('.job-name').forEach(elem => {
- let matches = elem.textContent.matchAll(/\[([A-Za-z0-9 \-]+)\]/g)
- for (const tag of matches) {
- if (typeof tag != 'undefined') {
- if(collected.indexOf(tag[1]) == -1) {
- let color = '#'+tag[1].hashCode().toString(16).substr(1,6)// ; (0x1000000+Math.random()*0xffffff).toString(16).substr(1,6)
- collected.push(tag[1]);
- tags[tag[1]] = color;
- }
- let tagcolor = tags[tag[1]];
- let newelem = document.createElement('span')
- newelem.classList.add('tag');
- newelem.innerHTML = tag[1];
- newelem.style.backgroundColor = tagcolor;
- newelem.style.color = Utils.lightOrDark(tagcolor) == 'dark' ? '#ffffff' : '#000000';
- elem.innerHTML = elem.innerHTML.replace(tag[0], newelem.outerHTML);
- }
- }
+ document.querySelectorAll('.tag').forEach(elem => {
+ let backcolor = elem.dataset.backgroundColor;
+ let frontcolor = elem.dataset.color;
+ elem.style.backgroundColor = backcolor;
+ elem.style.color = frontcolor;
 })
- localStorage.setItem('tags', JSON.stringify(tags));
 }
\ No newline at end of file
diff --git a/lib/Framework/Router.php b/lib/Framework/Router.php
index a108684..ca55721 100644
--- a/lib/Framework/Router.php
+++ b/lib/Framework/Router.php
@@ -33,6 +33,9 @@ class Router
 $response = $controllerObj->$action(...$method);
 if ($response instanceof Response) {
+ $response->headers->add([
+ "Content-Security-Policy" => "default-src 'none'; font-src 'self'; style-src 'self'; script-src 'self'; img-src 'self' data:; form-action 'self'; require-trusted-types-for 'script'"
+ ]);
 return $response;
 } else {
 throw new InvalidArgumentException();
diff --git a/lib/Framework/Twig.php b/lib/Framework/Twig.php
index 88ecf79..cb98629 100644
--- a/lib/Framework/Twig.php
+++ b/lib/Framework/Twig.php
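Review bot: The `tags` entry that earlier versions of `initTags` in assets/js/job/view.js wrote to localStorage is never removed now that the function no longer reads or writes it, so it stays behind in every returning browser. A one-off `localStorage.removeItem('tags');` at the top of the new function would clear it. If `String.prototype.hashCode` and `Utils.lightOrDark` were only used by the removed lines (their definitions are outside this patch), they can presumably be deleted as well.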
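Review bot: `default-src 'none'` does not cover `base-uri` or `frame-ancestors`, so the policy added in lib/Framework/Router.php leaves both unrestricted; I would append `base-uri 'none'; frame-ancestors 'none'` to the string (or `'self'` where the app needs it). `connect-src` does fall back to `default-src`, so if the delete and run-now handlers in assets/js/job/index.js call fetch or XMLHttpRequest (their bodies are not in this patch), those requests will be blocked until `connect-src 'self'` is added. `require-trusted-types-for 'script'` is sent without a `trusted-types` directive, which leaves policy creation open to any script; `trusted-types 'none'` closes that if the app defines no policies. The header is only attached on the `instanceof Response` branch shown here, and the enclosing method continues outside the hunk, so error paths may need the same header.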
@@ -80,7 +80,7 @@ class Twig
 foreach ($results[0] as $key=>$result) {
 $background = substr(md5($results[0][$key]), 0, 6);
 $color = $this->lightOrDark($background) == 'dark' ? 'ffffff' : '000000';
- $text = str_replace($results[0][$key], '' . $results[1][$key] . '', $text);
+ $text = str_replace($results[0][$key], '' . $results[1][$key] . '', $text);
 }
 return $text;
 });
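Review bot: `$results[1][$key]` is concatenated into the replacement markup on the added line with no escaping visible in the hunk. The pattern that fills `$results` and the way this filter's output is rendered are outside the hunk, and the string literals around the value are empty on this page, so this is a question rather than a finding: if the capture group can contain HTML metacharacters, the value should go through `htmlspecialchars($results[1][$key], ENT_QUOTES, 'UTF-8')` before it is inserted. `$background` and `$color` are bare hex digits here (`substr(md5(...), 0, 6)`, `'ffffff'`), so it is also worth confirming that the emitted attributes carry a leading `#`, since the script side assigns the attribute values to `elem.style` unchanged. The enclosing closure starts above the hunk.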