
Commit 4944d59

jwattjelmer
authored andcommitted
Make Isso compatible with Content Security Policies without script-src 'unsafe-inline' (isso-comments#597)
* Move templates/admin.html's JS to an external file. This allows Isso to be used with websites that have a Content Security Policy that doesn't include `script-src 'unsafe-inline'`.
1 parent 472c9ed commit 4944d59


2 files changed

+101
-101
lines changed


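--- a/isso/js/admin.js
+++ b/isso/js/admin.js
@@ -0,0 +1,100 @@
+function ajax(req) {
+var r = new XMLHttpRequest();
+r.open(req.method, req.url, true);
+r.onreadystatechange = function () {
+if (r.readyState != 4 || r.status != 200) {
+if (req.failure) {
+req.failure();
+}
+return;
+}
+req.success(r.responseText);
+};
+r.send(req.data);
+}
+function fade(element) {
+var op = 1; // initial opacity
+var timer = setInterval(function () {
+if (op <= 0.1){
+clearInterval(timer);
+element.style.display = 'none';
+}
+element.style.opacity = op;
+element.style.filter = 'alpha(opacity=' + op * 100 + ")";
+op -= op * 0.1;
+}, 10);
+}
+function moderate(com_id, hash, action, isso_host_script) {
+ajax({method: "POST",
+url: isso_host_script + "/id/" + com_id + "/" + action + "/" + hash,
+success: function(){
+fade(document.getElementById("isso-" + com_id));
+}});
+}
+function edit(com_id, hash, author, email, website, comment, isso_host_script) {
+ajax({method: "POST",
+url: isso_host_script + "/id/" + com_id + "/edit/" + hash,
+data: JSON.stringify({text: comment,
+author: author,
+email: email,
+website: website}),
+success: function(ret){
+console.log("edit successed: ", ret);// TODO display some pretty stuff & update msg
+},
+error: function(ret){
+console.log("Error: ", ret); // TODO flash msg/notif
+}});
+}
+function validate_com(com_id, hash, isso_host_script) {
+moderate(com_id, hash, "activate", isso_host_script);
+}
+function delete_com(com_id, hash, isso_host_script) {
+moderate(com_id, hash, "delete", isso_host_script);
+}
+function unset_editable(elt_id) {
+var elt = document.getElementById(elt_id);
+if (elt) {
+elt.contentEditable = false;
+elt.classList.remove("editable");
+}
+}
+function set_editable(elt_id) {
+var elt = document.getElementById(elt_id);
+if (elt) {
+elt.contentEditable = true;
+elt.classList.add("editable");
+}
+}
+function start_edit(com_id) {
+var editable_elements = ['isso-author-' + com_id,
+'isso-email-' + com_id,
+'isso-website-' + com_id,
+'isso-text-' + com_id];
+for (var idx=0; idx <= editable_elements.length; idx++) {
+set_editable(editable_elements[idx]);
+}
+document.getElementById('edit-btn-' + com_id).classList.toggle('hidden');
+document.getElementById('stop-edit-btn-' + com_id).classList.toggle('hidden');
+document.getElementById('send-edit-btn-' + com_id).classList.toggle('hidden');
+}
+function stop_edit(com_id) {
+var editable_elements = ['isso-author-' + com_id,
+'isso-email-' + com_id,
+'isso-website-' + com_id,
+'isso-text-' + com_id];
+for (var idx=0; idx <= editable_elements.length; idx++) {
+unset_editable(editable_elements[idx]);
+}
+document.getElementById('edit-btn-' + com_id).classList.toggle('hidden');
+document.getElementById('stop-edit-btn-' + com_id).classList.toggle('hidden');
+document.getElementById('send-edit-btn-' + com_id).classList.toggle('hidden');
+}
+function send_edit(com_id, hash, isso_host_script) {
+var author = document.getElementById('isso-author-' + com_id).textContent;
+var email = document.getElementById('isso-email-' + com_id).textContent;
+var website = document.getElementById('isso-website-' + com_id).textContent;
+var comment = document.getElementById('isso-text-' + com_id).textContent;
+edit(com_id, hash, author, email, website, comment, isso_host_script);
+stop_edit(com_id);
+}
+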
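Review bot: In `edit` the failure handler is passed under the key `error:`, but `ajax` only ever reads `req.failure`, so a rejected edit (for example a stale or invalid moderation hash) is never reported to the moderator; the key should be `failure:`. `ajax` also tests `r.readyState != 4 || r.status != 200` in a single condition, so `req.failure()` fires on every intermediate readyState change rather than only on a completed non-200 response; an early `if (r.readyState != 4) { return; }` ahead of the status check would separate the two cases. `moderate` passes no failure handler at all, so a failed activate or delete leaves the comment on screen with no feedback. The loops in `start_edit` and `stop_edit` use `idx <= editable_elements.length` and run one index past the end; the null check in `set_editable`/`unset_editable` masks it, but `<` is what is meant.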

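--- a/isso/templates/admin.html
+++ b/isso/templates/admin.html
@@ -3,109 +3,9 @@
 <title>Isso admin</title>
 <link type="text/css" href="{{isso_host_script}}/css/isso.css" rel="stylesheet">
 <link type="text/css" href="{{isso_host_script}}/css/admin.css" rel="stylesheet">
+<script type="text/javascript" src="{{isso_host_script}}/js/admin.js"></script>
 </head>
 <body>
-<script type="text/javascript">
-function ajax(req) {
-var r = new XMLHttpRequest();
-r.open(req.method, req.url, true);
-r.onreadystatechange = function () {
-if (r.readyState != 4 || r.status != 200) {
-if (req.failure) {
-req.failure();
-}
-return;
-}
-req.success(r.responseText);
-};
-r.send(req.data);
-}
-function fade(element) {
-var op = 1; // initial opacity
-var timer = setInterval(function () {
-if (op <= 0.1){
-clearInterval(timer);
-element.style.display = 'none';
-}
-element.style.opacity = op;
-element.style.filter = 'alpha(opacity=' + op * 100 + ")";
-op -= op * 0.1;
-}, 10);
-}
-function moderate(com_id, hash, action, isso_host_script) {
-ajax({method: "POST",
-url: isso_host_script + "/id/" + com_id + "/" + action + "/" + hash,
-success: function(){
-fade(document.getElementById("isso-" + com_id));
-}});
-}
-function edit(com_id, hash, author, email, website, comment, isso_host_script) {
-ajax({method: "POST",
-url: isso_host_script + "/id/" + com_id + "/edit/" + hash,
-data: JSON.stringify({text: comment,
-author: author,
-email: email,
-website: website}),
-success: function(ret){
-console.log("edit successed: ", ret);// TODO display some pretty stuff & update msg
-},
-error: function(ret){
-console.log("Error: ", ret); // TODO flash msg/notif
-}});
-}
-function validate_com(com_id, hash, isso_host_script) {
-moderate(com_id, hash, "activate", isso_host_script);
-}
-function delete_com(com_id, hash, isso_host_script) {
-moderate(com_id, hash, "delete", isso_host_script);
-}
-function unset_editable(elt_id) {
-var elt = document.getElementById(elt_id);
-if (elt) {
-elt.contentEditable = false;
-elt.classList.remove("editable");
-}
-}
-function set_editable(elt_id) {
-var elt = document.getElementById(elt_id);
-if (elt) {
-elt.contentEditable = true;
-elt.classList.add("editable");
-}
-}
-function start_edit(com_id) {
-var editable_elements = ['isso-author-' + com_id,
-'isso-email-' + com_id,
-'isso-website-' + com_id,
-'isso-text-' + com_id];
-for (var idx=0; idx <= editable_elements.length; idx++) {
-set_editable(editable_elements[idx]);
-}
-document.getElementById('edit-btn-' + com_id).classList.toggle('hidden');
-document.getElementById('stop-edit-btn-' + com_id).classList.toggle('hidden');
-document.getElementById('send-edit-btn-' + com_id).classList.toggle('hidden');
-}
-function stop_edit(com_id) {
-var editable_elements = ['isso-author-' + com_id,
-'isso-email-' + com_id,
-'isso-website-' + com_id,
-'isso-text-' + com_id];
-for (var idx=0; idx <= editable_elements.length; idx++) {
-unset_editable(editable_elements[idx]);
-}
-document.getElementById('edit-btn-' + com_id).classList.toggle('hidden');
-document.getElementById('stop-edit-btn-' + com_id).classList.toggle('hidden');
-document.getElementById('send-edit-btn-' + com_id).classList.toggle('hidden');
-}
-function send_edit(com_id, hash, isso_host_script) {
-var author = document.getElementById('isso-author-' + com_id).textContent;
-var email = document.getElementById('isso-email-' + com_id).textContent;
-var website = document.getElementById('isso-website-' + com_id).textContent;
-var comment = document.getElementById('isso-text-' + com_id).textContent;
-edit(com_id, hash, author, email, website, comment, isso_host_script);
-stop_edit(com_id);
-}
-</script>
 <div class="wrapper">
 <div class="header">
 <header>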
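Review bot: The buttons that call these functions are probably still wired through inline `onclick="…"` attributes in the part of the template outside this hunk, and a `script-src` policy without `'unsafe-inline'` blocks those just as it blocks the inline `<script>` block removed here. The inference comes from the signatures: every moved function takes `com_id`, `hash` and `isso_host_script` as arguments, which only makes sense if the template interpolates them at the call site. If that is the case, the admin page would load under the target policy but its moderation buttons would do nothing. Carrying the values in `data-*` attributes and binding the handlers from admin.js with `addEventListener` would complete the change; the `<body>` continues past the end of the hunk, so this needs checking against the rest of the template.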
