Add support for JS nonce

allerta-vvf · May 27, 2021 · f9b3c4b · f9b3c4b
1 parent 001da34
commit f9b3c4b
Showing 1 changed file with 67 additions and 5 deletions.
diff --git a/src/DebugBar/JavascriptRenderer.php b/src/DebugBar/JavascriptRenderer.php
@@ -82,6 +82,10 @@ class JavascriptRenderer
 
     protected $openHandlerUrl;
 
+    protected $jsCustomAttributes = "";
+
+    protected $jsUseNonce = false;
+
     /**
      * @param \DebugBar\DebugBar $debugBar
      * @param string $baseUrl
@@ -124,6 +128,8 @@ public function __construct(DebugBar $debugBar, $baseUrl = null, $basePath = nul
      *  - ajax_handler_auto_show
      *  - open_handler_classname
      *  - open_handler_url
+     *  - js_custom_attributes
+     *  - js_use_nonce
      *
      * @param array $options [description]
      */
@@ -183,6 +189,12 @@ public function setOptions(array $options)
         if (array_key_exists('open_handler_url', $options)) {
             $this->setOpenHandlerUrl($options['open_handler_url']);
         }
+        if (array_key_exists('js_custom_attributes', $options)) {
+            $this->setJSCustomAttributes($options['js_custom_attributes']);
+        }
+        if (array_key_exists('js_use_nonce', $options)) {
+            $this->setJSNonce($options['js_use_nonce']);
+        }
     }
 
     /**
@@ -606,6 +618,48 @@ public function getOpenHandlerUrl()
         return $this->openHandlerUrl;
     }
 
+    /**
+     * Sets custom html attributes for script tags
+     *
+     * @param string $attributes
+     */
+    public function setJSCustomAttributes($attributes)
+    {
+        $this->jsCustomAttributes = $attributes;
+        return $this;
+    }
+
+    /**
+     * Returns custom html attributes for script tags
+     *
+     * @return string
+     */
+    public function getJSCustomAttributes()
+    {
+        return $this->jsCustomAttributes;
+    }
+
+    /**
+     * Sets custom js nonce
+     *
+     * @param string $nonce
+     */
+    public function setJSNonce($nonce)
+    {
+        $this->jsUseNonce = $nonce;
+        return $this;
+    }
+
+    /**
+     * Returns JS nonce
+     *
+     * @return string
+     */
+    public function getJSNonce()
+    {
+        return $this->jsUseNonce;
+    }
+
     /**
      * Add assets stored in files to render in the head
      *
@@ -902,6 +956,10 @@ protected function dumpAssets($files = null, $content = null, $targetFilename =
      */
     public function renderHead()
     {
+        if($this->jsUseNonce && (empty($this->jsCustomAttributes) || strpos("nonce", $this->jsCustomAttributes))){
+            $this->jsCustomAttributes .= " nonce='".$this->jsUseNonce."'";
+        }
+
         list($cssFiles, $jsFiles, $inlineCss, $inlineJs, $inlineHead) = $this->getAssets(null, self::RELATIVE_URL);
         $html = '';
 
@@ -914,19 +972,19 @@ public function renderHead()
         }
 
         foreach ($jsFiles as $file) {
-            $html .= sprintf('<script type="text/javascript" src="%s"></script>' . "\n", $file);
+            $html .= sprintf('<script type="text/javascript" src="%s"'.$this->jsCustomAttributes.'></script>' . "\n", $file);
         }
 
         foreach ($inlineJs as $content) {
-            $html .= sprintf('<script type="text/javascript">%s</script>' . "\n", $content);
+            $html .= sprintf('<script type="text/javascript"'.$this->jsCustomAttributes.'>%s</script>' . "\n", $content);
         }
 
         foreach ($inlineHead as $content) {
             $html .= $content . "\n";
         }
 
         if ($this->enableJqueryNoConflict && !$this->useRequireJs) {
-            $html .= '<script type="text/javascript">jQuery.noConflict(true);</script>' . "\n";
+            $html .= '<script type="text/javascript"'.$this->jsCustomAttributes.'>jQuery.noConflict(true);</script>' . "\n";
         }
 
         return $html;
@@ -998,6 +1056,10 @@ public function replaceTagInBuffer($here = true, $initialize = true, $renderStac
      */
     public function render($initialize = true, $renderStackedData = true)
     {
+        if($this->jsUseNonce && (empty($this->jsCustomAttributes) || strpos("nonce", $this->jsCustomAttributes))){
+            $this->jsCustomAttributes .= " nonce='".$this->jsUseNonce."'";
+        }
+
         $js = '';
 
         if ($initialize) {
@@ -1014,9 +1076,9 @@ public function render($initialize = true, $renderStackedData = true)
         $js .= $this->getAddDatasetCode($this->debugBar->getCurrentRequestId(), $this->debugBar->getData(), $suffix);
 
         if ($this->useRequireJs){
-            return "<script type=\"text/javascript\">\nrequire(['debugbar'], function(PhpDebugBar){ $js });\n</script>\n";
+            return "<script type=\"text/javascript\"{$this->jsCustomAttributes}>\nrequire(['debugbar'], function(PhpDebugBar){ $js });\n</script>\n";
         } else {
-            return "<script type=\"text/javascript\">\n$js\n</script>\n";
+            return "<script type=\"text/javascript\"{$this->jsCustomAttributes}>\n$js\n</script>\n";
         }
 
     }