From 251bd9f226f73529e824b131fa8d08b77aa00d09 Mon Sep 17 00:00:00 2001 From: Aaron Shim <5382864+aaronshim@users.noreply.github.com> Date: Thu, 28 Nov 2024 00:36:38 +0000 Subject: [PATCH] fix(@angular/build): Fixing auto-csp edge cases where - `); scriptContent = []; @@ -152,7 +152,7 @@ export async function autoCsp(html: string, unsafeEval = false): Promise } } - if (tag.tagName === 'body' || tag.tagName === 'html') { + if (tag.tagName === 'head' || tag.tagName === 'body' || tag.tagName === 'html') { // Write the loader script if a string of @@ -96,13 +100,15 @@ describe('auto-csp', () => { const csps = getCsps(result); expect(csps.length).toBe(1); - expect(csps[0]).toMatch(ONE_HASH_CSP); + expect(csps[0]).toMatch(TWO_HASH_CSP); expect(result).toContain( // eslint-disable-next-line max-len - `var scripts = [['./main1.js', undefined, false, false],['./main2.js', undefined, true, false],['./main3.js', 'module', true, true]];`, + `var scripts = [['./main1.js', '', false, false],['./main2.js', '', true, false],['./main3.js', 'module', true, true]];`, ); - // Only one loader script is created. - expect(Array.from(result.matchAll(/`); + // Only two loader scripts are created. + expect(Array.from(result.matchAll(/ + + +
Some text
+ + + `); + + const csps = getCsps(result); + expect(csps.length).toBe(1); + expect(csps[0]).toMatch(ONE_HASH_CSP); + + expect(result).toContain( + // eslint-disable-next-line max-len + `document.lastElementChild.appendChild`, + ); + // Head loader script is in the head. + expect(result).toContain(``); + // Only one loader script is created. + expect(Array.from(result.matchAll(/