Skip to content

Commit

Permalink
fix: ensure nonce is present on parsed style tags
Browse files Browse the repository at this point in the history
  • Loading branch information
@jsip
jsip committed Dec 13, 2023
1 parent 773ef75 commit bac8a73
Show file tree
Hide file tree
Showing 3 changed files with 16 additions and 0 deletions.
5 changes: 5 additions & 0 deletions dist/turbo.es2017-esm.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -364,6 +364,11 @@ function parseHTMLDocument(html = "") {
styleMap[uniqueKey] = style;
return `<${tag}${otherAttrs} data-style-attribute="${uniqueKey}"`;
});
html = html.replace(/<style([^>]*)>/g, (match, otherAttrs) => {
const nonce = getMetaContent("csp-nonce");
otherAttrs = otherAttrs.replace(/nonce=""/g, "");
return nonce ? `<style${otherAttrs} nonce="${nonce}">` : match;
});
const doc = new DOMParser().parseFromString(html, "text/html");
Object.keys(styleMap).forEach(uniqueKey => {
const elements = doc.querySelectorAll(`[data-style-attribute="${uniqueKey}"]`);
Expand Down
5 changes: 5 additions & 0 deletions dist/turbo.es2017-umd.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -370,6 +370,11 @@ Copyright © 2023 37signals LLC
styleMap[uniqueKey] = style;
return `<${tag}${otherAttrs} data-style-attribute="${uniqueKey}"`;
});
html = html.replace(/<style([^>]*)>/g, (match, otherAttrs) => {
const nonce = getMetaContent("csp-nonce");
otherAttrs = otherAttrs.replace(/nonce=""/g, "");
return nonce ? `<style${otherAttrs} nonce="${nonce}">` : match;
});
const doc = new DOMParser().parseFromString(html, "text/html");
Object.keys(styleMap).forEach(uniqueKey => {
const elements = doc.querySelectorAll(`[data-style-attribute="${uniqueKey}"]`);
Expand Down
6 changes: 6 additions & 0 deletions src/util.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -77,6 +77,12 @@ export function parseHTMLDocument(html: string = ""): Document {
return `<${tag}${otherAttrs} data-style-attribute="${uniqueKey}"`;

Check failure on line 77 in src/util.ts

View workflow job for this annotation

GitHub Actions / build 

Delete `;`
});

Check failure on line 78 in src/util.ts

View workflow job for this annotation

GitHub Actions / build 

Delete `;`

html = html.replace(/<style([^>]*)>/g, (match, otherAttrs) => {
const nonce = getMetaContent("csp-nonce");

Check failure on line 81 in src/util.ts

View workflow job for this annotation

GitHub Actions / build 

Delete `;`
otherAttrs = otherAttrs.replace(/nonce=""/g, "");

Check failure on line 82 in src/util.ts

View workflow job for this annotation

GitHub Actions / build 

Delete `;`
return nonce ? `<style${otherAttrs} nonce="${nonce}">` : match;

Check failure on line 83 in src/util.ts

View workflow job for this annotation

GitHub Actions / build 

Delete `;`
});

Check failure on line 84 in src/util.ts

View workflow job for this annotation

GitHub Actions / build 

Replace `});` with `··})`

const doc: Document = new DOMParser().parseFromString(html, "text/html");

// Apply styles and remove data-style-attribute
Expand Down

0 comments on commit bac8a73

Please sign in to comment.