Force-add CSP to document, to increase security

Jaifroid 2023-03-10 11:46:58 +00:00
parent 018a553c21
commit db1fc67a9f


@ -4751,10 +4751,10 @@ define(['jquery', 'zimArchiveLoader', 'uiUtil', 'util', 'utf8', 'cache', 'images
// });
// }
// If there is no CSP, add one to prevent external scripts and content
if (!/<meta\b[^>]+Content-Security-Policy/i.test(htmlArticle)) {
// Add CSP to prevent external scripts and content - note that any existing CSP can only be hardened, not loosened
// if (!/<meta\b[^>]+Content-Security-Policy/i.test(htmlArticle)) {
htmlArticle = htmlArticle.replace(/(<head\b[^>]*>)\s*/, '$1\n <meta http-equiv="Content-Security-Policy" content="default-src \'self\' data: blob: bingmaps: about: \'unsafe-inline\' \'unsafe-eval\';"></meta>\n ');
}
// }
// Maker return links
uiUtil.makeReturnLink(dirEntry.getTitleOrUrl());
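Review bot: With the guard removed, the `htmlArticle.replace(/(<head\b[^>]*>)\s*/, …)` line is now the only thing that adds the policy, and it silently adds nothing when the article has no `<head>` tag or writes it as `<HEAD>`, because the pattern is case-sensitive and the no-match case is not handled. Adding the `i` flag (`/(<head\b[^>]*>)\s*/i`) and checking after the call that the string actually changed, with an explicit fallback or a logged warning when it did not, would make the "force-add" hold for every article. The policy also keeps `'unsafe-inline'` and `'unsafe-eval'`, and allows `data:` and `blob:` under `default-src`, so it limits where content is loaded from but does not stop inline script carried in the article itself; I would state that in the comment, e.g. `// Blocks external origins only; inline script and eval in the article are still permitted`. The commented-out `if` and its `// }` are better deleted than left as dead code. The enclosing function starts and ends outside the hunk.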