CSP in progress (#1138)
This commit is contained in:
Xavier Guimard
parent
04585cf188
commit
b70dac9f3a
|
|
@ -34,7 +34,7 @@ sub defaultValues {
|
|||
'confirmFormMethod' => 'post',
|
||||
'cookieName' => 'lemonldap',
|
||||
'cspConnect' => '\'self\'',
|
||||
'cspDefault' => '\'none\'',
|
||||
'cspDefault' => '\'self\'',
|
||||
'cspFont' => '\'self\'',
|
||||
'cspImg' => '\'self\'',
|
||||
'cspScript' => '\'self\'',
|
||||
|
|
|
|||
|
|
@ -719,7 +719,7 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
|||
'type' => 'text'
|
||||
},
|
||||
'cspDefault' => {
|
||||
'default' => '\'none\'',
|
||||
'default' => '\'self\'',
|
||||
'type' => 'text'
|
||||
},
|
||||
'cspFont' => {
|
||||
|
|
|
|||
|
|
@ -451,7 +451,7 @@ sub attributes {
|
|||
},
|
||||
cspDefault => {
|
||||
type => 'text',
|
||||
default => "'none'",
|
||||
default => "'self'",
|
||||
documentation => 'Default value for Content-Security-Policy',
|
||||
},
|
||||
cspImg => {
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
|
|
@ -24,6 +24,17 @@ translatePage = (lang) ->
|
|||
translate = (str) ->
|
||||
return if translationFields[str] then translationFields[str] else str
|
||||
|
||||
getValues = () ->
|
||||
values = {}
|
||||
$("script[type='application/init']").each ->
|
||||
try
|
||||
tmp = JSON.parse $(this).text
|
||||
for k of tmp
|
||||
values[k] = tmp[k]
|
||||
catch e
|
||||
console.log 'Parsing error', e
|
||||
values
|
||||
|
||||
# Set default values
|
||||
newwindow = if window.newwindow.match('1') then true else false
|
||||
antiframe = if window.antiframe.match('0') then false else true
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@ Used variables:
|
|||
*/
|
||||
|
||||
(function() {
|
||||
var activeTimer, antiframe, getOrder, isHiddenFormValueSet, newwindow, ping, restoreOrder, setSelector, translate, translatePage, translationFields,
|
||||
var activeTimer, antiframe, getOrder, getValues, isHiddenFormValueSet, newwindow, ping, restoreOrder, setSelector, translate, translatePage, translationFields,
|
||||
indexOf = [].indexOf || function(item) { for (var i = 0, l = this.length; i < l; i++) { if (i in this && this[i] === item) return i; } return -1; };
|
||||
|
||||
translationFields = {};
|
||||
|
|
@ -37,6 +37,26 @@ Used variables:
|
|||
}
|
||||
};
|
||||
|
||||
getValues = function() {
|
||||
var values;
|
||||
values = {};
|
||||
$("script[type='application/init']").each(function() {
|
||||
var e, error, k, results, tmp;
|
||||
try {
|
||||
tmp = JSON.parse($(this).text);
|
||||
results = [];
|
||||
for (k in tmp) {
|
||||
results.push(values[k] = tmp[k]);
|
||||
}
|
||||
return results;
|
||||
} catch (error) {
|
||||
e = error;
|
||||
return console.log('Parsing error', e);
|
||||
}
|
||||
});
|
||||
return values;
|
||||
};
|
||||
|
||||
newwindow = window.newwindow.match('1') ? true : false;
|
||||
|
||||
antiframe = window.antiframe.match('0') ? false : true;
|
||||
|
|
|
|||
|
|
@ -1 +1 @@
|
|||
(function(){var d,e,j,a,h,k,i,f,b,l,c,g=[].indexOf||function(o){for(var n=0,m=this.length;n<m;n++){if(n in this&&this[n]===o){return n}}return -1};c={};l=function(m){return $.getJSON(window.staticPrefix+"languages/"+m+".json",function(n){c=n;$("[trspan]").each(function(){return $(this).text(b($(this).attr("trspan")))});return $("[trmsg]").each(function(){return $(this).text(b("PE"+($(this).attr("trmsg"))))})})};b=function(m){if(c[m]){return c[m]}else{return m}};h=window.newwindow.match("1")?true:false;e=window.antiframe.match("0")?false:true;d=window.activeTimer.match("0")?false:true;f="#appslist";j=function(){return $.ajax({type:"POST",url:scriptname,data:{storeAppsListOrder:$(f).sortable("toArray").join()},dataType:"json"})};i=function(){var o,n,r,z,m,w,q,s,p,u,x,t,y;u=$(f);if(!((u!=null)&&appslistorder)){return null}o=appslistorder.split(",");w=u.sortable("toArray");x=[];for(r=0,s=w.length;r<s;r++){y=w[r];x[y]=y}for(q=0,p=o.length;q<p;q++){m=o[q];if(g.call(x,m)>=0){z=x[m];n=$(f+".ui-sortable").children("#"+z);t=$(f+".ui-sortable").children("#"+m);n.remove();$(f+".ui-sortable").filter(":first").append(t)}}return 1};a=function(m){return $("#lmhidden_"+m).length};k=function(){return $.ajax({type:"POST",url:scriptname,data:{ping:1},dataType:"json",success:function(m){if(m.auth){return setTimeout(k,pingInterval)}else{return location.reload(true)}}})};window.ping=k;$(document).ready(function(){var y,x,A,w,B,z,D,u,t,C,s,r,v,p,n,o,m,q;if(e&&top!==self){top.location.href=location.href}$("#appslist").sortable({axis:"y",cursor:"move",opacity:0.5,revert:true,items:"> div.category",update:function(){return j()}});i();$("div.message").fadeIn("slow");$("input[name=timezone]").val(-(new Date().getTimezoneOffset()/60));p=$("#menu").tabs({active:0});v=$('#menu a[href="#'+displaytab+'"]').parent().index();if(v<0){v=0}p.tabs("option","active",v);A=$("#authMenu").tabs({active:0});if(choicetab){A.tabs("option","active",$('#authMenu a[href="#'+choicetab+'"]').parent().index())}if(login){$("input[type=password]:first").focus()}else{$("input[type!=hidden]:first").focus()}if(h){$("#appslist a").attr("target","_blank")}if($("p.removeOther").length){y=$("form.login").attr("action");n=$("form.login").attr("method");w="";if(y.indexOf("?")!==-1){y.substring(0,y.indexOf("?"))+"?"}else{w=y+"?"}$("form.login input[type=hidden]").each(function(E){return w+="&"+$(this).attr("name")+"="+$(this).val()});r=$("p.removeOther a").attr("href")+"&method="+n+"&url="+btoa(w);$("p.removeOther a").attr("href",r)}if(navigator){u=[];t=[];m=[navigator.language];if(navigator.languages){m=navigator.languages}for(B=0,C=m.length;B<C;B++){o=m[B];q=window.availableLanguages;for(z=0,s=q.length;z<s;z++){x=q[z];if(x===o){u.push(x)}else{if(x.substring(0,1)===o.substring(0,1)){t.push(x)}}}}D=u[0]?u[0]:t[0]?t[0]:"en"}else{D="en"}return l(D)})}).call(this);
|
||||
(function(){var e,g,k,d,a,i,l,j,f,b,m,c,h=[].indexOf||function(p){for(var o=0,n=this.length;o<n;o++){if(o in this&&this[o]===p){return o}}return -1};c={};m=function(n){return $.getJSON(window.staticPrefix+"languages/"+n+".json",function(o){c=o;$("[trspan]").each(function(){return $(this).text(b($(this).attr("trspan")))});return $("[trmsg]").each(function(){return $(this).text(b("PE"+($(this).attr("trmsg"))))})})};b=function(n){if(c[n]){return c[n]}else{return n}};d=function(){var n;n={};$("script[type='application/init']").each(function(){var s,p,o,r,q;try{q=JSON.parse($(this).text);r=[];for(o in q){r.push(n[o]=q[o])}return r}catch(p){s=p;return console.log("Parsing error",s)}});return n};i=window.newwindow.match("1")?true:false;g=window.antiframe.match("0")?false:true;e=window.activeTimer.match("0")?false:true;f="#appslist";k=function(){return $.ajax({type:"POST",url:scriptname,data:{storeAppsListOrder:$(f).sortable("toArray").join()},dataType:"json"})};j=function(){var p,o,s,A,n,x,r,t,q,w,y,u,z;w=$(f);if(!((w!=null)&&appslistorder)){return null}p=appslistorder.split(",");x=w.sortable("toArray");y=[];for(s=0,t=x.length;s<t;s++){z=x[s];y[z]=z}for(r=0,q=p.length;r<q;r++){n=p[r];if(h.call(y,n)>=0){A=y[n];o=$(f+".ui-sortable").children("#"+A);u=$(f+".ui-sortable").children("#"+n);o.remove();$(f+".ui-sortable").filter(":first").append(u)}}return 1};a=function(n){return $("#lmhidden_"+n).length};l=function(){return $.ajax({type:"POST",url:scriptname,data:{ping:1},dataType:"json",success:function(n){if(n.auth){return setTimeout(l,pingInterval)}else{return location.reload(true)}}})};window.ping=l;$(document).ready(function(){var z,y,B,x,C,A,E,v,u,D,t,s,w,q,o,p,n,r;if(g&&top!==self){top.location.href=location.href}$("#appslist").sortable({axis:"y",cursor:"move",opacity:0.5,revert:true,items:"> div.category",update:function(){return k()}});j();$("div.message").fadeIn("slow");$("input[name=timezone]").val(-(new Date().getTimezoneOffset()/60));q=$("#menu").tabs({active:0});w=$('#menu a[href="#'+displaytab+'"]').parent().index();if(w<0){w=0}q.tabs("option","active",w);B=$("#authMenu").tabs({active:0});if(choicetab){B.tabs("option","active",$('#authMenu a[href="#'+choicetab+'"]').parent().index())}if(login){$("input[type=password]:first").focus()}else{$("input[type!=hidden]:first").focus()}if(i){$("#appslist a").attr("target","_blank")}if($("p.removeOther").length){z=$("form.login").attr("action");o=$("form.login").attr("method");x="";if(z.indexOf("?")!==-1){z.substring(0,z.indexOf("?"))+"?"}else{x=z+"?"}$("form.login input[type=hidden]").each(function(F){return x+="&"+$(this).attr("name")+"="+$(this).val()});s=$("p.removeOther a").attr("href")+"&method="+o+"&url="+btoa(x);$("p.removeOther a").attr("href",s)}if(navigator){v=[];u=[];n=[navigator.language];if(navigator.languages){n=navigator.languages}for(C=0,D=n.length;C<D;C++){p=n[C];r=window.availableLanguages;for(A=0,t=r.length;A<t;A++){y=r[A];if(y===p){v.push(y)}else{if(y.substring(0,1)===p.substring(0,1)){u.push(y)}}}}E=v[0]?v[0]:u[0]?u[0]:"en"}else{E="en"}return m(E)})}).call(this);
|
||||
Loading…
Reference in New Issue
Block a user