deepStateMirrors/tabi
1
0
Fork 1
mirror of https://github.com/welpo/tabi.git synced 2025-10-10 23:38:53 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

♻️ refactor: prevent HTML escaping of joined CSP strings (#553)

Browse source 
Co-authored-by: kanuba <me@kanuba.me>
This commit is contained in:
mfiano 2025-08-10 08:25:58 -04:00 committed by GitHub
parent 515fd078a5
commit 7e12f9acf3
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 3 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

6
templates/partials/content_security_policy.html
View file

@ -74,19 +74,19 @@ content="default-src 'self'
{%- for domain in config.extra.allowed_domains -%} {%- for domain in config.extra.allowed_domains -%}
{%- if domain.directive == "connect-src" -%} {%- if domain.directive == "connect-src" -%}
{%- set configured_connect_src = domain.domains | join(sep=' ') -%} {%- set configured_connect_src = domain.domains | join(sep=' ') | safe -%}
{%- set_global connect_src = connect_src ~ " " ~ configured_connect_src -%} {%- set_global connect_src = connect_src ~ " " ~ configured_connect_src -%}
{%- continue -%} {%- continue -%}
{%- endif -%} {%- endif -%}
{%- if domain.directive == "script-src" -%} {%- if domain.directive == "script-src" -%}
{%- set configured_script_src = domain.domains | join(sep=' ') -%} {%- set configured_script_src = domain.domains | join(sep=' ') | safe -%}
{%- set_global script_src = script_src ~ " " ~ configured_script_src -%} {%- set_global script_src = script_src ~ " " ~ configured_script_src -%}
{%- continue -%} {%- continue -%}
{%- endif -%} {%- endif -%}
{#- Handle directives that are not connect-src -#} {#- Handle directives that are not connect-src -#}
{{ domain.directive }} {{ domain.domains | join(sep=' ') -}} {{ domain.directive }} {{ domain.domains | join(sep=' ') | safe -}}
{%- if domain.directive == "style-src" -%} {%- if domain.directive == "style-src" -%}
{%- if utterances_enabled or hyvortalk_enabled or mermaid_enabled %} 'unsafe-inline' {%- if utterances_enabled or hyvortalk_enabled or mermaid_enabled %} 'unsafe-inline'