From f9b3c4b7c1a79db817435d3817c3a997101fefa9 Mon Sep 17 00:00:00 2001
From: Matteo Gheza
Date: Thu, 27 May 2021 15:04:53 +0200
Subject: [PATCH] Add support for JS nonce
---
 src/DebugBar/JavascriptRenderer.php | 72 +++++++++++++++++++++++++++--
 1 file changed, 67 insertions(+), 5 deletions(-)
diff --git a/src/DebugBar/JavascriptRenderer.php b/src/DebugBar/JavascriptRenderer.php
index 16689992..7d28b646 100644
--- a/src/DebugBar/JavascriptRenderer.php
+++ b/src/DebugBar/JavascriptRenderer.php
@@ -82,6 +82,10 @@ class JavascriptRenderer
 protected $openHandlerUrl;
+ protected $jsCustomAttributes = "";
+
+ protected $jsUseNonce = false;
+
 /**
 * @param \DebugBar\DebugBar $debugBar
 * @param string $baseUrl
@@ -124,6 +128,8 @@ public function __construct(DebugBar $debugBar, $baseUrl = null, $basePath = nul
 * - ajax_handler_auto_show
 * - open_handler_classname
 * - open_handler_url
+ * - js_custom_attributes
+ * - js_use_nonce
 *
 * @param array $options [description]
 */
@@ -183,6 +189,12 @@ public function setOptions(array $options)
 if (array_key_exists('open_handler_url', $options)) {
 $this->setOpenHandlerUrl($options['open_handler_url']);
 }
+ if (array_key_exists('js_custom_attributes', $options)) {
+ $this->setJSCustomAttributes($options['js_custom_attributes']);
+ }
+ if (array_key_exists('js_use_nonce', $options)) {
+ $this->setJSNonce($options['js_use_nonce']);
+ }
 }
 /**
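Review bot: In `setOptions()`, the value of `js_use_nonce` is handed to `setJSNonce()` as the nonce itself, although the key name and the `false` default of `$jsUseNonce` read like an on/off switch; `'js_use_nonce' => true` would come out as `nonce='1'` in the later concatenation and would not match any generated nonce. The option list in the docblock above should spell this out, e.g. `* - js_use_nonce: CSP nonce value for this response (string), not a boolean`, and the property deserves `/** @var string|false nonce value, false when unused */`. `setOptions()` begins and ends outside the hunk.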
@@ -606,6 +618,48 @@ public function getOpenHandlerUrl()
 return $this->openHandlerUrl;
 }
+ /**
+ * Sets custom html attributes for script tags
+ *
+ * @param string $attributes
+ */
+ public function setJSCustomAttributes($attributes)
+ {
+ $this->jsCustomAttributes = $attributes;
+ return $this;
+ }
+
+ /**
+ * Returns custom html attributes for script tags
+ *
+ * @return string
+ */
+ public function getJSCustomAttributes()
+ {
+ return $this->jsCustomAttributes;
+ }
+
+ /**
+ * Sets custom js nonce
+ *
+ * @param string $nonce
+ */
+ public function setJSNonce($nonce)
+ {
+ $this->jsUseNonce = $nonce;
+ return $this;
+ }
+
+ /**
+ * Returns JS nonce
+ *
+ * @return string
+ */
+ public function getJSNonce()
+ {
+ return $this->jsUseNonce;
+ }
+
 /**
 * Add assets stored in files to render in the head
 *
@@ -902,6 +956,10 @@ protected function dumpAssets($files = null, $content = null, $targetFilename =
 */
 public function renderHead()
 {
+ if($this->jsUseNonce && (empty($this->jsCustomAttributes) || strpos("nonce", $this->jsCustomAttributes))){
+ $this->jsCustomAttributes .= " nonce='".$this->jsUseNonce."'";
+ }
+
 list($cssFiles, $jsFiles, $inlineCss, $inlineJs, $inlineHead) = $this->getAssets(null, self::RELATIVE_URL);
 $html = '';
@@ -914,11 +972,11 @@ public function renderHead()
 }
 foreach ($jsFiles as $file) {
- $html .= sprintf('' . "\n", $file);
+ $html .= sprintf('' . "\n", $file);
 }
 foreach ($inlineJs as $content) {
- $html .= sprintf('' . "\n", $content);
+ $html .= sprintf('' . "\n", $content);
 }
 foreach ($inlineHead as $content) {
@@ -926,7 +984,7 @@ public function renderHead()
 }
 if ($this->enableJqueryNoConflict && !$this->useRequireJs) {
- $html .= '' . "\n";
+ $html .= '' . "\n";
 }
 return $html;
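Review bot: The docblocks on `setJSNonce()` and `setJSCustomAttributes()` leave out the contract that matters under a Content-Security-Policy: neither setter validates or encodes its argument, and the nonce is later concatenated into markup as-is. I would document on `setJSNonce()` that the value must be generated from a CSPRNG for every response and be the same one sent in the `Content-Security-Policy` header. On `setJSCustomAttributes()` I would note that the string appears to be emitted as raw HTML attributes (the tag templates are not legible on this page) and so must never carry request-derived data. Both setters return `$this` without an `@return $this` tag, and `getJSNonce()` can return the `false` default, so `@return string|false` is more accurate there.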
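Review bot: The guard added at the top of `renderHead()` calls `strpos("nonce", $this->jsCustomAttributes)` with haystack and needle swapped and without comparing against `false`, so as soon as any custom attribute is configured (say `defer`) the nonce is silently left out and a nonce-based policy would block the debug bar's scripts. Presumably the intent is to add the nonce unless the caller already supplied one: `if ($this->jsUseNonce && strpos((string) $this->jsCustomAttributes, 'nonce') === false) {`. The value is also placed between single quotes unencoded; `htmlspecialchars((string) $this->jsUseNonce, ENT_QUOTES, 'UTF-8')` keeps a stray quote from ending the attribute early. The identical block at the top of `render()` (hunk `@@ -998`) needs the same change, and `renderHead()` continues outside this hunk.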
@@ -998,6 +1056,10 @@ public function replaceTagInBuffer($here = true, $initialize = true, $renderStac
 */
 public function render($initialize = true, $renderStackedData = true)
 {
+ if($this->jsUseNonce && (empty($this->jsCustomAttributes) || strpos("nonce", $this->jsCustomAttributes))){
+ $this->jsCustomAttributes .= " nonce='".$this->jsUseNonce."'";
+ }
+
 $js = '';
 if ($initialize) {
@@ -1014,9 +1076,9 @@ public function render($initialize = true, $renderStackedData = true)
 $js .= $this->getAddDatasetCode($this->debugBar->getCurrentRequestId(), $this->debugBar->getData(), $suffix);
 if ($this->useRequireJs){
- return "\n";
+ return "\n";
 } else {
- return "\n";
+ return "\n";
 }
 }
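Review bot: Appending to `$this->jsCustomAttributes` at the top of `render()` makes rendering rewrite the renderer's configuration: after the first call `getJSCustomAttributes()` also returns the nonce, and because the property is then non-empty a later `setJSNonce()` with a new value is never picked up. A renderer that is reused across responses, as in a long-running worker, would therefore keep emitting the first nonce, which defeats the one-nonce-per-response requirement. Building the attribute string in a local on each call avoids that and removes the duplicate of this block in `renderHead()`. The helper name below is only a suggestion, and how the tag templates consume the attributes is not legible on this page, so that part is left as a comment; `render()` continues outside the hunk.

```php
/**
 * Builds the attribute string for generated script tags without
 * modifying the configured custom attributes.
 *
 * @return string
 */
protected function getJsAttributeString()
{
    $attributes = (string) $this->jsCustomAttributes;
    // add the nonce only when the caller has not already supplied one
    if ($this->jsUseNonce && strpos($attributes, 'nonce') === false) {
        $attributes .= " nonce='" . htmlspecialchars((string) $this->jsUseNonce, ENT_QUOTES, 'UTF-8') . "'";
    }
    return $attributes;
}

public function render($initialize = true, $renderStackedData = true)
{
    $jsAttributes = $this->getJsAttributeString();
    // … unchanged: building $js and returning the script tag, reading $jsAttributes instead of the property …
```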