WebClient: update pdfobject

also add csp nonce when loading javascript files Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2023-11-21 16:24:43 +01:00 · 2023-11-21 16:24:43 +01:00 · c14484856e
commit c14484856e
parent 84e387cc9c
9 changed files with 313 additions and 14 deletions
--- a/static/vendor/pdfobject/pdfobject.min.js
+++ b/static/vendor/pdfobject/pdfobject.min.js
--- a/templates/webclient/base.html
+++ b/templates/webclient/base.html
@ -292,8 +292,8 @@ explicit grant from the SFTPGo Team (support@sftpgo.com).
        </div>

        {{- block "modals" .}}{{- end}}
-		<script src="{{.StaticURL}}/assets/plugins/global/plugins.bundle.js"></script>
-		<script src="{{.StaticURL}}/assets/js/scripts.bundle.js"></script>
+		<script {{- if .CSPNonce}} nonce="{{.CSPNonce}}"{{- end}} src="{{.StaticURL}}/assets/plugins/global/plugins.bundle.js"></script>
+		<script {{- if .CSPNonce}} nonce="{{.CSPNonce}}"{{- end}} src="{{.StaticURL}}/assets/js/scripts.bundle.js"></script>
 		{{- template "basejs" .CSPNonce }}
        <script type="text/javascript" {{- if .CSPNonce}} nonce="{{.CSPNonce}}"{{- end}}>
            var ModalAlert = function () {
--- a/templates/webclient/baselogin.html
+++ b/templates/webclient/baselogin.html
@ -44,8 +44,8 @@ explicit grant from the SFTPGo Team (support@sftpgo.com).
 				</div>
 			</div>
 		</div>
-		<script src="{{.StaticURL}}/assets/plugins/global/plugins.bundle.js"></script>
-		<script src="{{.StaticURL}}/assets/js/scripts.bundle.js"></script>
+		<script {{- if .CSPNonce}} nonce="{{.CSPNonce}}"{{- end}} src="{{.StaticURL}}/assets/plugins/global/plugins.bundle.js"></script>
+		<script {{- if .CSPNonce}} nonce="{{.CSPNonce}}"{{- end}} src="{{.StaticURL}}/assets/js/scripts.bundle.js"></script>
 		{{- template "basejs" .CSPNonce }}
 		<script type="text/javascript" {{- if .CSPNonce}} nonce="{{.CSPNonce}}"{{- end}}>
 			KTUtil.onDOMContentLoaded(function () {
--- a/templates/webclient/editfile.html
+++ b/templates/webclient/editfile.html
@ -100,7 +100,7 @@ explicit grant from the SFTPGo Team (support@sftpgo.com).
 {{- end}}

 {{- define "extra_js"}}
-<script src="{{.StaticURL}}/vendor/codemirror/cm6.bundle.min.js"></script>
+<script {{- if .CSPNonce}} nonce="{{.CSPNonce}}"{{- end}} src="{{.StaticURL}}/vendor/codemirror/cm6.bundle.min.js"></script>
 <script type="text/javascript" {{- if .CSPNonce}} nonce="{{.CSPNonce}}"{{- end}}>
    var cmView;

--- a/templates/webclient/files.html
+++ b/templates/webclient/files.html
@ -178,9 +178,9 @@ explicit grant from the SFTPGo Team (support@sftpgo.com).
 {{- end}}

 {{- define "extra_js"}}
-<script src="{{.StaticURL}}/assets/plugins/custom/datatables/datatables.bundle.js"></script>
-<script src="{{.StaticURL}}/vendor/glightbox/glightbox.min.js"></script>
-<script src="{{.StaticURL}}/vendor/pdfobject/pdfobject.min.js"></script>
+<script {{- if .CSPNonce}} nonce="{{.CSPNonce}}"{{- end}} src="{{.StaticURL}}/assets/plugins/custom/datatables/datatables.bundle.js"></script>
+<script {{- if .CSPNonce}} nonce="{{.CSPNonce}}"{{- end}} src="{{.StaticURL}}/vendor/glightbox/glightbox.min.js"></script>
+<script {{- if .CSPNonce}} nonce="{{.CSPNonce}}"{{- end}} src="{{.StaticURL}}/vendor/pdfobject/pdfobject.min.js"></script>
 <script type="text/javascript" {{- if .CSPNonce}} nonce="{{.CSPNonce}}"{{- end}}>
    //{{- if not .ShareUploadBaseURL}}
    const supportedEditExtensions = ["csv", "bat", "dyalog", "apl", "asc", "pgp", "sig", "asn", "asn1", "b", "bf",
--- a/templates/webclient/profile.html
+++ b/templates/webclient/profile.html
@ -138,7 +138,7 @@ explicit grant from the SFTPGo Team (support@sftpgo.com).

 {{- define "extra_js"}}
 {{- if .LoggedUser.CanManagePublicKeys}}
-<script src="{{.StaticURL}}/assets/plugins/custom/formrepeater/formrepeater.bundle.js"></script>
+<script {{- if .CSPNonce}} nonce="{{.CSPNonce}}"{{- end}} src="{{.StaticURL}}/assets/plugins/custom/formrepeater/formrepeater.bundle.js"></script>
 <script type="text/javascript" {{- if .CSPNonce}} nonce="{{.CSPNonce}}"{{- end}}>
    KTUtil.onDOMContentLoaded(function () {
        initRepeater('#public_keys');
--- a/templates/webclient/share.html
+++ b/templates/webclient/share.html
@ -188,7 +188,7 @@ explicit grant from the SFTPGo Team (support@sftpgo.com).
 {{- end}}

 {{- define "extra_js"}}
-<script src="{{.StaticURL}}/assets/plugins/custom/formrepeater/formrepeater.bundle.js"></script>
+<script {{- if .CSPNonce}} nonce="{{.CSPNonce}}"{{- end}} src="{{.StaticURL}}/assets/plugins/custom/formrepeater/formrepeater.bundle.js"></script>
 <script type="text/javascript" {{- if .CSPNonce}} nonce="{{.CSPNonce}}"{{- end}}>
    KTUtil.onDOMContentLoaded(function () {
            initRepeater('#paths');
--- a/templates/webclient/shares.html
+++ b/templates/webclient/shares.html
@ -105,7 +105,7 @@ explicit grant from the SFTPGo Team (support@sftpgo.com).
 {{end}}

 {{define "extra_js"}}
-<script src="{{.StaticURL}}/assets/plugins/custom/datatables/datatables.bundle.js"></script>
+<script {{- if .CSPNonce}} nonce="{{.CSPNonce}}"{{- end}} src="{{.StaticURL}}/assets/plugins/custom/datatables/datatables.bundle.js"></script>
 <script type="text/javascript" {{- if .CSPNonce}} nonce="{{.CSPNonce}}"{{- end}}>

    function deleteAction(shareID) {
--- a/templates/webclient/viewpdf.html
+++ b/templates/webclient/viewpdf.html
@ -26,7 +26,7 @@ explicit grant from the SFTPGo Team (support@sftpgo.com).
    </head>

 <body>
-    <script src="{{.StaticURL}}/vendor/pdfobject/pdfobject.min.js"></script>
+    <script {{- if .CSPNonce}} nonce="{{.CSPNonce}}"{{- end}} src="{{.StaticURL}}/vendor/pdfobject/pdfobject.min.js"></script>
    <script type="text/javascript" {{- if .CSPNonce}} nonce="{{.CSPNonce}}"{{- end}}>
        PDFObject.embed("{{.URL}}", document.body);
    </script>