remove inline js for favicon
The favicon element generated inline JS, which is not CSP compliant.
This change provides the URL via the data-url attribute of the
script element instead.
mawinter69 committed Aug 23, 2024
1 parent 1477c0c commit 7739798
Showing 3 changed files with 13 additions and 21 deletions.
@@ -11,9 +11,7 @@
public class FaviconUrlThemeElement extends UrlThemeElement {

private static final String SCRIPT_INCLUDE =
"<script src=\"{0}/plugin/simple-theme-plugin/simple-theme.js\"></script>";
private static final String FAVICON_SCRIPT =
"<script>\n" + "window[''org.jenkinsci.plugins.simpletheme''].replaceFavicon(\"{0}\");\n" + "</script>";
"<script id=\"simple-theme-script\" data-url=\"{0}\" src=\"{1}/plugin/simple-theme-plugin/simple-theme.js\"></script>";

@DataBoundConstructor
public FaviconUrlThemeElement(String url) {
@@ -22,8 +20,8 @@ public FaviconUrlThemeElement(String url) {

@Override
public void collectHeaderFragment(Set<String> fragments, boolean injectCss) {
fragments.add(MessageFormat.format(SCRIPT_INCLUDE, Jenkins.get().getRootUrlFromRequest()));
fragments.add(MessageFormat.format(FAVICON_SCRIPT, getUrl()));
fragments.add(
MessageFormat.format(SCRIPT_INCLUDE, getUrl(), Jenkins.get().getRootUrlFromRequest()));
}

@Extension
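Review bot: In collectHeaderFragment, `getUrl()` is formatted into `data-url="{0}"` of SCRIPT_INCLUDE without HTML attribute escaping, so a configured URL containing `"`, `<` or `&` ends the attribute early or corrupts the header markup on every page. Moving the value out of an inline script helps CSP, but it is still configuration text written into HTML, so escape it before formatting, for example `MessageFormat.format(SCRIPT_INCLUDE, Functions.htmlAttributeEscape(getUrl()), Jenkins.get().getRootUrlFromRequest())` with Jenkins core's `hudson.Functions`. The root URL placed in `src` is, judging by the method name, derived from the request and would benefit from the same treatment. The updated test only checks a benign `FAVICON.png` value; a case with a quote in the URL would pin the escaping.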
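--- a/src/main/webapp/simple-theme.js
+++ b/src/main/webapp/simple-theme.js
@@ -2,32 +2,26 @@
 "use strict";
 
 function removeAll() {
-var links = Array.from(document.getElementsByTagName('link')),
-link, i;
+const links = document.getElementsByTagName('link');
 
-for (i = 0; i < links.length; i++) {
-link = links[i];
+for (const link of links) {
 if (link.rel.split(/\s+/).some(e => e === 'icon')) {
-link.parentNode.removeChild(link);
+link.remove();
 }
 }
 }
 
 function add(url) {
-var link = document.createElement('link');
+const link = document.createElement('link');
 link.setAttribute('rel', 'icon');
 document.getElementsByTagName('head')[0].appendChild(link);
 link.setAttribute('href', url);
 }
 
-function replaceFavicon(url) {
-document.addEventListener("DOMContentLoaded", function(event) {
-removeAll();
-add(url);
-});
-}
+document.addEventListener("DOMContentLoaded", function(event) {
+const script = document.getElementById("simple-theme-script");
+removeAll();
+add(script.dataset.url);
+});
 
-global['org.jenkinsci.plugins.simpletheme'] = {
-replaceFavicon: replaceFavicon
-};
 })(this, document);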
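Review bot: removeAll() now calls `link.remove()` while iterating the live HTMLCollection returned by `getElementsByTagName`, so when two icon links are adjacent in that collection the second is skipped and survives; the old code avoided this by copying with `Array.from` first. Keep the snapshot with `const links = Array.from(document.getElementsByTagName('link'));`. Separately, the DOMContentLoaded handler reads `script.dataset.url` without checking that `getElementById("simple-theme-script")` found an element, and it runs removeAll() before that dereference, so a missing element or attribute removes the existing icons and then throws or adds an empty `href`. A guard such as `if (!script || !script.dataset.url) return;` before `removeAll()` avoids that.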
@@ -59,7 +59,7 @@ public void testConfigCreatesHtml() throws Exception {
assertElementPresentByXPath(page, "//script[contains(@src,'SOMEJS.js')]");

assertElementPresentByXPath(page, "//script[contains(@src,'simple-theme.js')]");
assertElementPresentByXPath(page, "//script[contains(text(),'FAVICON.png')]");
assertElementPresentByXPath(page, "//script[contains(@data-url,'FAVICON.png')]");
}

private void fill(SimpleThemeDecorator decorator) {