From 974b380f3e98d92d0dde5abf1854989e7676790b Mon Sep 17 00:00:00 2001
From: TrebledJ <39648915+TrebledJ@users.noreply.github.com>
Date: Sun, 22 Sep 2024 20:06:26 +0800
Subject: [PATCH] fix: tocOptions and csp interop

---
 .../attack-of-the-zip/2024-02-15-attack-of-the-zip.md | 3 ++-
 ...2024-08-18-abusing-server-side-rendering-in-drogon.md | 3 ++-
 eleventy.config.js | 6 +++++-
 eleventy/plugins.js | 4 ++--
 partials/_includes/utilities/bundle-js.html | 9 ++++++++-
 5 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/content/posts/infosec/attack-of-the-zip/2024-02-15-attack-of-the-zip.md b/content/posts/infosec/attack-of-the-zip/2024-02-15-attack-of-the-zip.md
index 50d62e9fc..a29c3c6d5 100644
--- a/content/posts/infosec/attack-of-the-zip/2024-02-15-attack-of-the-zip.md
+++ b/content/posts/infosec/attack-of-the-zip/2024-02-15-attack-of-the-zip.md
@@ -11,7 +11,8 @@ tags:
 - linux
 - windows
 thumbnail_src: assets/attack-of-the-zip-thumbnail.jpg
-tocOptions: '{"tags":["h2","h3","h4"]}'
+tocOptions:
+ tags: [h2, h3, h4]
 preamble: |
 *Last month, I designed a CTF challenge involving zip file attacks. This post is a collection of the techniques, insights, and notes I've gathered. I've also uploaded the challenge on [GitHub](https://github.com/TrebledJ/attack-of-the-zip) along with a simplified playground.*
 ---
diff --git a/content/posts/infosec/drogon-csp/2024-08-18-abusing-server-side-rendering-in-drogon.md b/content/posts/infosec/drogon-csp/2024-08-18-abusing-server-side-rendering-in-drogon.md
index c018b34cc..f35b0c1d3 100644
--- a/content/posts/infosec/drogon-csp/2024-08-18-abusing-server-side-rendering-in-drogon.md
+++ b/content/posts/infosec/drogon-csp/2024-08-18-abusing-server-side-rendering-in-drogon.md
@@ -11,7 +11,8 @@ tags:
 - writeup
 thumbnail_src: assets/drogon-thumbnail.png
 thumbnail_banner: true
-tocOptions: '{"tags":["h2","h3","h4"]}'
+tocOptions:
+ tags: [h2, h3, h4]
 related:
 posts: [attack-of-the-zip]
 # preamble: |
diff --git a/eleventy.config.js b/eleventy.config.js
index 42c850dd2..26453efd3 100644
--- a/eleventy.config.js
+++ b/eleventy.config.js
@@ -140,7 +140,11 @@ module.exports = function (eleventyConfig) {
 return content;
 });
- eleventyConfig.addTransform('htmlcsp', htmlcsp);
+ // Indirect: wrap addTransform with addPlugin, so that bundled inline JS
+ // gets substituted before calling htmlcsp.
+ eleventyConfig.addPlugin(function (eleventyConfig) {
+ eleventyConfig.addTransform('htmlcsp', htmlcsp);
+ });
 }
 // Customize Markdown library settings:
diff --git a/eleventy/plugins.js b/eleventy/plugins.js
index 5ff23ab7d..b8647b106 100644
--- a/eleventy/plugins.js
+++ b/eleventy/plugins.js
@@ -18,7 +18,7 @@ module.exports = function (eleventyConfig) {
 eleventyConfig.addPlugin(pluginNavigation);
 eleventyConfig.addPlugin(pluginBundle, {
- bundles: ['inlinecss'],
+ bundles: ['inlinecss', 'inlinejs'],
 toFileDirectory: 'cb',
 transforms: [
 async function (content) {
@@ -38,7 +38,7 @@ module.exports = function (eleventyConfig) {
 return output.styles;
 }
- if (this.type === 'js') {
+ if (this.type === 'js' || this.type === 'inlinejs') {
 const result = await minify(content);
 return result.code;
 }
diff --git a/partials/_includes/utilities/bundle-js.html b/partials/_includes/utilities/bundle-js.html
index e50f85b8c..f1aaf66f9 100644
--- a/partials/_includes/utilities/bundle-js.html
+++ b/partials/_includes/utilities/bundle-js.html
@@ -1,6 +1,11 @@
 {# Bundle JS. #}
-{% js %}
+
+{# Some variables are per-post. For instance, some posts have different ToC options. #}
+{% inlinejs %}
 var tocOptions = {{ tocOptions | default({}) | dump | safe }};
+{% endinlinejs %}
+
+{% js %}
 var site = {
 typewrite: {{ site.typewrite | dump | safe }},
 search: {{ site.search | dump | safe }},
@@ -55,4 +60,6 @@ {% set jsBundle %} {%- getBundleFileUrl "js" -%} {% endset %} + + \ No newline at end of file
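Review bot: The correctness of the `htmlcsp` transform now rests on an ordering guarantee that the added comment only implies: it has to run after the bundle plugin has substituted the `inlinejs` content, because whatever the transform derives from inline scripts (presumably CSP hashes or nonces) would otherwise be computed over the unsubstituted placeholder and the real inline script would fail the policy at runtime. If I read Eleventy correctly this works because `addPlugin` callbacks are deferred until earlier-registered plugins (the bundle plugin from eleventy/plugins.js) have added their transforms, but nothing here checks or documents that, so a future reordering of plugin registration would break the CSP silently. Suggest spelling out the failure mode in the comment, e.g. `// Must be registered after pluginBundle's transforms, otherwise htmlcsp sees the inline-JS placeholder rather than the substituted script.`. The inner callback's `eleventyConfig` parameter also shadows the outer one; a distinct name (or simply using the outer binding) would make clear which config object the transform is attached to. The enclosing `module.exports` function starts and ends outside the hunk.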
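Review bot: The bundle name `'inlinejs'` is now a bare string literal in three places — the `bundles` list in the first hunk of this file, the `this.type` check in the second, and the `{% inlinejs %}` tag in bundle-js.html — and a typo in any one of them would most likely yield an un-minified or missing bundle rather than a clear build error. A small shared constant, or at minimum a comment next to `bundles:` naming bundle-js.html as the consumer, would tie them together. The condition in the second hunk reads more easily as a membership test, `if (['js', 'inlinejs'].includes(this.type)) {`. Whether `minify` can reject on a syntax error is not visible here; if it does, the rejection propagates out of this transform, which is the right outcome for a build step since the CSP transform downstream should never see unminified content it did not hash. The enclosing transform function starts and ends outside both hunks.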
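Review bot: `var tocOptions = {{ tocOptions | default({}) | dump | safe }};` now lives inside an `{% inlinejs %}` block, so the serialized value is written verbatim into a `<script>` body; `dump` produces JSON and does not escape `</script>` or `<!--`, so a string value containing either sequence would terminate the element early. The value comes from post front matter, which the author controls, so the risk is low, but the new comment above the block should state that trust assumption, e.g. `{# tocOptions is author-controlled front matter; dump|safe inside <script> is not appropriate for user-supplied values. #}`. The `js` bundle that follows presumably reads `tocOptions` from global scope (hence `var`), so the inline bundle has to be emitted before the external bundle's script tag; the second hunk of this file appears to carry that change, but its added lines are empty in this view (the markup was probably stripped), so the emission order cannot be checked from here.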