From 7739798b5a352008d866f6b193f04587835db769 Mon Sep 17 00:00:00 2001
From: Markus Winter
Date: Fri, 23 Aug 2024 21:56:06 +0200
Subject: [PATCH] remove inline js for favicon favicon generated inline js which is not CSP compliant. This changes it so the url is provided via data-url attribute of the script.
---
.../simpletheme/FaviconUrlThemeElement.java | 8 +++----
src/main/webapp/simple-theme.js | 24 +++++++------------
.../SimpleThemeConfigurationTest.java | 2 +-
3 files changed, 13 insertions(+), 21 deletions(-)
diff --git a/src/main/java/org/jenkinsci/plugins/simpletheme/FaviconUrlThemeElement.java b/src/main/java/org/jenkinsci/plugins/simpletheme/FaviconUrlThemeElement.java
index e5f021a..8c72b2d 100644
--- a/src/main/java/org/jenkinsci/plugins/simpletheme/FaviconUrlThemeElement.java
+++ b/src/main/java/org/jenkinsci/plugins/simpletheme/FaviconUrlThemeElement.java
@@ -11,9 +11,7 @@ public class FaviconUrlThemeElement extends UrlThemeElement { private static final String SCRIPT_INCLUDE = - ""; - private static final String FAVICON_SCRIPT = - ""; + ""; @DataBoundConstructor public FaviconUrlThemeElement(String url) {
@@ -22,8 +20,8 @@ public FaviconUrlThemeElement(String url) { @Override public void collectHeaderFragment(Set fragments, boolean injectCss) { - fragments.add(MessageFormat.format(SCRIPT_INCLUDE, Jenkins.get().getRootUrlFromRequest())); - fragments.add(MessageFormat.format(FAVICON_SCRIPT, getUrl())); + fragments.add( + MessageFormat.format(SCRIPT_INCLUDE, getUrl(), Jenkins.get().getRootUrlFromRequest())); } @Extension
diff --git a/src/main/webapp/simple-theme.js b/src/main/webapp/simple-theme.js
index 0190ec9..1f8f149 100644
--- a/src/main/webapp/simple-theme.js
+++ b/src/main/webapp/simple-theme.js
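Review bot: In the second hunk of FaviconUrlThemeElement.java, `getUrl()` is formatted into the header fragment without HTML-attribute escaping, so if the placeholder sits inside a double-quoted `data-url` attribute (as the test's `@data-url` XPath suggests) a configured URL containing `"` would end the attribute and place extra markup in every page head. The `SCRIPT_INCLUDE` literal is not readable on this page, so the attribute position is inferred rather than seen. Escaping at the call site keeps the value inert and matches the CSP goal of the commit: `MessageFormat.format(SCRIPT_INCLUDE, Functions.htmlAttributeEscape(getUrl()), Jenkins.get().getRootUrlFromRequest())`, with `hudson.Functions` imported. The class body continues outside both hunks.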
@@ -2,32 +2,26 @@ "use strict"; function removeAll() { - var links = Array.from(document.getElementsByTagName('link')), - link, i; + const links = document.getElementsByTagName('link'); - for (i = 0; i < links.length; i++) { - link = links[i]; + for (const link of links) { if (link.rel.split(/\s+/).some(e => e === 'icon')) { - link.parentNode.removeChild(link); + link.remove(); } } } function add(url) { - var link = document.createElement('link'); + const link = document.createElement('link'); link.setAttribute('rel', 'icon'); document.getElementsByTagName('head')[0].appendChild(link); link.setAttribute('href', url); } - function replaceFavicon(url) { - document.addEventListener("DOMContentLoaded", function(event) { - removeAll(); - add(url); - }); - } + document.addEventListener("DOMContentLoaded", function(event) { + const script = document.getElementById("simple-theme-script"); + removeAll(); + add(script.dataset.url); + }); - global['org.jenkinsci.plugins.simpletheme'] = { - replaceFavicon: replaceFavicon - }; })(this, document);
\ No newline at end of file
diff --git a/src/test/java/org/jenkinsci/plugins/simpletheme/SimpleThemeConfigurationTest.java b/src/test/java/org/jenkinsci/plugins/simpletheme/SimpleThemeConfigurationTest.java
index 5702f33..04e2553 100644
--- a/src/test/java/org/jenkinsci/plugins/simpletheme/SimpleThemeConfigurationTest.java
+++ b/src/test/java/org/jenkinsci/plugins/simpletheme/SimpleThemeConfigurationTest.java
@@ -59,7 +59,7 @@ public void testConfigCreatesHtml() throws Exception { assertElementPresentByXPath(page, "//script[contains(@src,'SOMEJS.js')]"); assertElementPresentByXPath(page, "//script[contains(@src,'simple-theme.js')]"); - assertElementPresentByXPath(page, "//script[contains(text(),'FAVICON.png')]"); + assertElementPresentByXPath(page, "//script[contains(@data-url,'FAVICON.png')]"); } private void fill(SimpleThemeDecorator decorator) {
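Review bot: In the new `DOMContentLoaded` handler of simple-theme.js, `removeAll()` runs before the `data-url` value is known to exist, so when `getElementById("simple-theme-script")` returns null or the attribute is empty the existing icons are already gone and `add` either throws or sets `href` to the string `undefined`. A guard placed ahead of `removeAll()` keeps the default favicon in that case: `if (!script || !script.dataset.url) { return; }`. The `this` argument passed to the IIFE appears unused once the `global[...]` export is removed. The IIFE opens outside the hunk.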
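Review bot: The updated assertion in SimpleThemeConfigurationTest.java does not pin the element id that simple-theme.js now depends on; the script finds its tag with `getElementById("simple-theme-script")`, so a fragment without that id would pass this test and still leave the favicon unset. Tightening the XPath covers that contract: `assertElementPresentByXPath(page, "//script[@id='simple-theme-script' and contains(@data-url,'FAVICON.png')]");`. A second case whose configured URL contains a double quote would also document the expected escaping of `data-url`. testConfigCreatesHtml starts outside the hunk.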