add csp hash

jcheron · jcheron · commit 75e3a18fd48e · 2022-01-05T01:34:09.000+01:00
diff --git a/Ajax/JsUtils.php b/Ajax/JsUtils.php
@@ -513,4 +513,8 @@ public function _add_event($element, $js, $event, $preventDefault = false, $stop
 	public function getInjected() {
 		return $this->injected;
 	}
+	
+	public function setParam(string $param,$value){
+		$this->params[$param]=$value;
+	}
 }
diff --git a/Ajax/php/ubiquity/JsUtils.php b/Ajax/php/ubiquity/JsUtils.php
@@ -15,14 +15,23 @@ class JsUtils extends \Ajax\JsUtils {
 	 */
 	protected function _open_script($src = '') {
 		$str = '<script ';
-		if (($this->params['nonce']??false) && ContentSecurityManager::isStarted()) {
+		if (($this->params['csp']??false)==='nonce' && ContentSecurityManager::isStarted()) {
 			$nonce = ContentSecurityManager::getNonce('jsUtils');
 			$str .= ' nonce="' . $nonce . '" ';
 		}
 		$str .= ($src == '') ? '>' : ' src="' . $src . '">';
 		return $str;
 	}
 
+	public function inline($script, $cdata = true) {
+		if (($this->params['csp']??false)==='hash' && ContentSecurityManager::isStarted()) {
+			$script= ($cdata) ? "\n// <![CDATA[\n{$script}\n// ]]>\n" : "\n{$script}\n";
+			ContentSecurityManager::getHash('jsUtils',$script);
+		}
+		return $this->_open_script().$script.$this->_close_script();
+	}
+
+
 	public function getUrl($url) {
 		return URequest::getUrl($url);
 	}

Original file line number	Diff line number	Diff line change
`@@ -513,4 +513,8 @@ public function _add_event($element, $js, $event, $preventDefault = false, $stop`
`513`	`513`	`public function getInjected() {`
`514`	`514`	`return $this->injected;`
`515`	`515`	`}`
	`516`	`+`
	`517`	`+ public function setParam(string $param,$value){`
	`518`	`+ $this->params[$param]=$value;`
	`519`	`+ }`
`516`	`520`	`}`