Skip to content

Commit

Permalink
Add nonce to <script> elements
Browse files Browse the repository at this point in the history
  • Loading branch information
@Yannik
Yannik committed Sep 18, 2023
1 parent 88aef02 commit b31f59e
Showing 1 changed file with 5 additions and 2 deletions.
7 changes: 5 additions & 2 deletions src/JavascriptRenderer.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -63,13 +63,16 @@ public function renderHead()
$cssRoute = preg_replace('/\Ahttps?:/', '', $cssRoute);
$jsRoute = preg_replace('/\Ahttps?:/', '', $jsRoute);

$nonce = $this->getNonceAttribute();

$html = "<link rel='stylesheet' type='text/css' property='stylesheet' href='{$cssRoute}' data-turbolinks-eval='false' data-turbo-eval='false'>";
$html .= "<script src='{$jsRoute}' data-turbolinks-eval='false' data-turbo-eval='false'></script>";
$html .= "<script{$nonce} src='{$jsRoute}' data-turbolinks-eval='false' data-turbo-eval='false'></script>";

if ($this->isJqueryNoConflictEnabled()) {
$html .= '<script data-turbo-eval="false">jQuery.noConflict(true);</script>' . "\n";
$html .= "<script{$nonce} data-turbo-eval='false'>jQuery.noConflict(true);</script>" . "\n";
}


$html .= $this->getInlineHtml();


Expand Down

0 comments on commit b31f59e

Please sign in to comment.