From 974b380f3e98d92d0dde5abf1854989e7676790b Mon Sep 17 00:00:00 2001
From: TrebledJ <39648915+TrebledJ@users.noreply.github.com>
Date: Sun, 22 Sep 2024 20:06:26 +0800
Subject: [PATCH] fix: tocOptions and csp interop
---
.../attack-of-the-zip/2024-02-15-attack-of-the-zip.md | 3 ++-
...2024-08-18-abusing-server-side-rendering-in-drogon.md | 3 ++-
eleventy.config.js | 6 +++++-
eleventy/plugins.js | 4 ++--
partials/_includes/utilities/bundle-js.html | 9 ++++++++-
5 files changed, 19 insertions(+), 6 deletions(-)
diff --git a/content/posts/infosec/attack-of-the-zip/2024-02-15-attack-of-the-zip.md b/content/posts/infosec/attack-of-the-zip/2024-02-15-attack-of-the-zip.md
index 50d62e9fc..a29c3c6d5 100644
--- a/content/posts/infosec/attack-of-the-zip/2024-02-15-attack-of-the-zip.md
+++ b/content/posts/infosec/attack-of-the-zip/2024-02-15-attack-of-the-zip.md
@@ -11,7 +11,8 @@ tags:
- linux
- windows
thumbnail_src: assets/attack-of-the-zip-thumbnail.jpg
-tocOptions: '{"tags":["h2","h3","h4"]}'
+tocOptions:
+ tags: [h2, h3, h4]
preamble: |
*Last month, I designed a CTF challenge involving zip file attacks. This post is a collection of the techniques, insights, and notes I've gathered. I've also uploaded the challenge on [GitHub](https://github.com/TrebledJ/attack-of-the-zip) along with a simplified playground.*
---
diff --git a/content/posts/infosec/drogon-csp/2024-08-18-abusing-server-side-rendering-in-drogon.md b/content/posts/infosec/drogon-csp/2024-08-18-abusing-server-side-rendering-in-drogon.md
index c018b34cc..f35b0c1d3 100644
--- a/content/posts/infosec/drogon-csp/2024-08-18-abusing-server-side-rendering-in-drogon.md
+++ b/content/posts/infosec/drogon-csp/2024-08-18-abusing-server-side-rendering-in-drogon.md
@@ -11,7 +11,8 @@ tags:
- writeup
thumbnail_src: assets/drogon-thumbnail.png
thumbnail_banner: true
-tocOptions: '{"tags":["h2","h3","h4"]}'
+tocOptions:
+ tags: [h2, h3, h4]
related:
posts: [attack-of-the-zip]
# preamble: |
diff --git a/eleventy.config.js b/eleventy.config.js
index 42c850dd2..26453efd3 100644
--- a/eleventy.config.js
+++ b/eleventy.config.js
@@ -140,7 +140,11 @@ module.exports = function (eleventyConfig) {
return content;
});
- eleventyConfig.addTransform('htmlcsp', htmlcsp);
+ // Indirect: wrap addTransform with addPlugin, so that bundled inline JS
+ // gets substituted before calling htmlcsp.
+ eleventyConfig.addPlugin(function (eleventyConfig) {
+ eleventyConfig.addTransform('htmlcsp', htmlcsp);
+ });
}
// Customize Markdown library settings:
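Review bot: The ordering this fix relies on is implicit: nothing in the new `addPlugin` wrapper enforces that `htmlcsp` runs after the bundle substitution, it only works because of when the wrapped callback is executed relative to the bundle plugin's own transform. If `htmlcsp` derives CSP values from inline script bodies (not visible in this hunk), a transform registered later that rewrites inline script text would silently leave the policy and the page out of sync. I would extend the comment to state the invariant, e.g. `// Must remain the last registered transform: htmlcsp has to see the final inline <script> bodies.` The inner callback parameter also shadows the outer `eleventyConfig`; naming it `cfg` makes clear which object is being used. The enclosing function starts outside the hunk.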
diff --git a/eleventy/plugins.js b/eleventy/plugins.js
index 5ff23ab7d..b8647b106 100644
--- a/eleventy/plugins.js
+++ b/eleventy/plugins.js
@@ -18,7 +18,7 @@ module.exports = function (eleventyConfig) {
eleventyConfig.addPlugin(pluginNavigation);
eleventyConfig.addPlugin(pluginBundle, {
- bundles: ['inlinecss'],
+ bundles: ['inlinecss', 'inlinejs'],
toFileDirectory: 'cb',
transforms: [
async function (content) {
@@ -38,7 +38,7 @@ module.exports = function (eleventyConfig) {
return output.styles;
}
- if (this.type === 'js') {
+ if (this.type === 'js' || this.type === 'inlinejs') {
const result = await minify(content);
return result.code;
}
diff --git a/partials/_includes/utilities/bundle-js.html b/partials/_includes/utilities/bundle-js.html
index e50f85b8c..f1aaf66f9 100644
--- a/partials/_includes/utilities/bundle-js.html
+++ b/partials/_includes/utilities/bundle-js.html
@@ -1,6 +1,11 @@
{# Bundle JS. #}
-{% js %}
+
+{# Some variables are per-post. For instance, some posts have different ToC options. #}
+{% inlinejs %}
var tocOptions = {{ tocOptions | default({}) | dump | safe }};
+{% endinlinejs %}
+
+{% js %}
var site = {
typewrite: {{ site.typewrite | dump | safe }},
search: {{ site.search | dump | safe }},
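Review bot: Moving `var tocOptions = {{ tocOptions | default({}) | dump | safe }};` out of the `js` bundle and into `inlinejs` changes its escaping context. `dump` is plain JSON serialisation and does not escape `<`, so if this bundle ends up inside an inline `<script>` element (the emit site is not visible in this patch), a front-matter string containing `</script>` would close the element early. Front matter is author-controlled, so the exposure is small, but it is cheap to close: `var tocOptions = {{ tocOptions | default({}) | dump | replace("<", "\\u003c") | safe }};`. I would also add a template comment saying that the `inlinejs` block should hold only JSON-serialised per-post data, so later additions do not put arbitrary markup-bearing strings into an inline script.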
@@ -55,4 +60,6 @@
{% set jsBundle %}
{%- getBundleFileUrl "js" -%}
{% endset %}
+
+
\ No newline at end of file