authorJelle van der Waa <jelle@vdwaa.nl>2019-01-29 16:42:54 +0100
committerJelle van der Waa <jelle@archlinux.org>2019-02-18 16:42:51 +0100
commit3525458926dfa47e6c7bcedb4304cc243e78d47a (patch)
tree413b8c898c71fd6a07c797193768eaaf0071e80a /templates
parent6b22bedd82ae69a54f15c2f5f64f9f3945e5fb43 (diff)
Implement CSP for archweb
Add django-csp as a dependency so that the CSP can be set in Django's settings and a CSP_NONCE can be set for inline <script> elements in templates. Since archweb uses this pattern heavily, it is the best compromise.
Diffstat (limited to 'templates')
-rw-r--r--templates/devel/clock.html2
-rw-r--r--templates/devel/index.html2
-rw-r--r--templates/devel/packages.html2
-rw-r--r--templates/devel/profile.html2
-rw-r--r--templates/mirrors/mirror_details.html2
-rw-r--r--templates/mirrors/mirrors.html2
-rw-r--r--templates/mirrors/status.html2
-rw-r--r--templates/mirrors/url_details.html2
-rw-r--r--templates/news/add.html2
-rw-r--r--templates/packages/details.html2
-rw-r--r--templates/packages/differences.html2
-rw-r--r--templates/packages/groups.html2
-rw-r--r--templates/packages/packages_list.html2
-rw-r--r--templates/packages/signoffs.html2
-rw-r--r--templates/packages/stale_relations.html2
-rw-r--r--templates/public/keys.html2
-rw-r--r--templates/registration/login.html2
-rw-r--r--templates/releng/release_list.html2
-rw-r--r--templates/todolists/list.html2
-rw-r--r--templates/todolists/view.html2
-rw-r--r--templates/visualize/index.html2
21 files changed, 21 insertions, 21 deletions
diff --git a/templates/devel/clock.html b/templates/devel/clock.html
index 2c5bfacf..88cc93e7 100644
--- a/templates/devel/clock.html
+++ b/templates/devel/clock.html
@@ -61,7 +61,7 @@
{% block script_block %}
{% load cdn %}{% jquery %}{% jquery_tablesorter %}
<script type="text/javascript" src="{% static "archweb.js" %}"></script>
-<script type="text/javascript">
+<script type="text/javascript" nonce={{ CSP_NONCE }}>
$(document).ready(function() {
$("#clocks-table:has(tbody tr)").tablesorter({
widgets: ['zebra'],
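Review bot: The nonce attribute is written unquoted in this hunk (`nonce={{ CSP_NONCE }}`), while templates/packages/details.html in the same commit quotes it. The nonce is presumably base64, which can contain `=`, and an `=` inside an unquoted attribute value is an HTML parse error, so the quoted form `<script type="text/javascript" nonce="{{ CSP_NONCE }}">` is the one to use everywhere. The same applies to the other 19 templates in this commit that use the unquoted form. Whether `CSP_NONCE` is populated depends on django-csp's nonce context processor being enabled in settings, which this templates-only view does not show; if it renders empty, the inline script will be refused under the policy. The script block continues past the end of the hunk.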
diff --git a/templates/devel/index.html b/templates/devel/index.html
index dfe1d1fa..4f788d6d 100644
--- a/templates/devel/index.html
+++ b/templates/devel/index.html
@@ -167,7 +167,7 @@
{% block script_block %}
{% load cdn %}{% jquery %}{% jquery_tablesorter %}
<script type="text/javascript" src="{% static "archweb.js" %}"></script>
-<script type="text/javascript">
+<script type="text/javascript" nonce={{ CSP_NONCE }}>
$(document).ready(function() {
$("#stats-message").html('Loading developer stats…');
$("#stats-area").load('stats/', function(response, status, xhr) {
diff --git a/templates/devel/packages.html b/templates/devel/packages.html
index c75f81eb..762fc6f0 100644
--- a/templates/devel/packages.html
+++ b/templates/devel/packages.html
@@ -78,7 +78,7 @@
{% block script_block %}
{% load cdn %}{% jquery %}{% jquery_tablesorter %}
<script type="text/javascript" src="{% static "archweb.js" %}"></script>
-<script type="text/javascript">
+<script type="text/javascript" nonce={{ CSP_NONCE }}>
$(document).ready(function() {
$(".results").tablesorter({widgets: ['zebra']});
});
diff --git a/templates/devel/profile.html b/templates/devel/profile.html
index acdc22a9..50bb33dd 100644
--- a/templates/devel/profile.html
+++ b/templates/devel/profile.html
@@ -29,7 +29,7 @@
{% block script_block %}
{% load cdn %}{% jquery %}
<script type="text/javascript" src="{% static "archweb.js" %}"></script>
-<script type="text/javascript">
+<script type="text/javascript" nonce={{ CSP_NONCE }}>
modify_attributes({
'#id_email': {type: 'email'},
'#id_alias': {autocorrect: 'off', autocapitalize: 'off'},
diff --git a/templates/mirrors/mirror_details.html b/templates/mirrors/mirror_details.html
index 0c0d5559..05a4b0da 100644
--- a/templates/mirrors/mirror_details.html
+++ b/templates/mirrors/mirror_details.html
@@ -115,7 +115,7 @@
<script type="text/javascript" src="{% static "d3-3.0.6.min.js" %}"></script>
<script type="text/javascript" src="{% static "archweb.js" %}"></script>
<script type="text/javascript" src="{% static "mirror_status.js" %}"></script>
-<script type="text/javascript">
+<script type="text/javascript" nonce={{ CSP_NONCE }}>
$(document).ready(function() {
$("#available_urls:has(tbody tr)").tablesorter(
{widgets: ['zebra'], sortList: [[1,0], [2,0]],
diff --git a/templates/mirrors/mirrors.html b/templates/mirrors/mirrors.html
index 7da11268..55eb0f8c 100644
--- a/templates/mirrors/mirrors.html
+++ b/templates/mirrors/mirrors.html
@@ -47,7 +47,7 @@
</div>
{% load cdn %}{% jquery %}{% jquery_tablesorter %}
<script type="text/javascript" src="{% static "archweb.js" %}"></script>
-<script type="text/javascript">
+<script type="text/javascript" nonce={{ CSP_NONCE }}>
$(document).ready(function() {
$(".results").tablesorter({widgets: ['zebra'], sortList: [[2,0], [0,0]]});
});
diff --git a/templates/mirrors/status.html b/templates/mirrors/status.html
index 39d68460..fb318480 100644
--- a/templates/mirrors/status.html
+++ b/templates/mirrors/status.html
@@ -77,7 +77,7 @@
{% block script_block %}
{% load cdn %}{% jquery %}{% jquery_tablesorter %}
<script type="text/javascript" src="{% static "archweb.js" %}"></script>
-<script type="text/javascript">
+<script type="text/javascript" nonce={{ CSP_NONCE }}>
$(document).ready(function() {
var headers = { 4: { sorter: 'duration' }, 5: { sorter: 'mostlydigit' },
6: { sorter: 'mostlydigit' }, 7: { sorter: 'mostlydigit' },
diff --git a/templates/mirrors/url_details.html b/templates/mirrors/url_details.html
index 2454eda4..6e64b08c 100644
--- a/templates/mirrors/url_details.html
+++ b/templates/mirrors/url_details.html
@@ -64,7 +64,7 @@
{% block script_block %}
{% load cdn %}{% jquery %}{% jquery_tablesorter %}
<script type="text/javascript" src="{% static "archweb.js" %}"></script>
-<script type="text/javascript">
+<script type="text/javascript" nonce={{ CSP_NONCE }}>
$(document).ready(function() {
$("#check_logs:has(tbody tr)").tablesorter(
{widgets: ['zebra'], sortList: [[0,1]],
diff --git a/templates/news/add.html b/templates/news/add.html
index 51094659..f171b503 100644
--- a/templates/news/add.html
+++ b/templates/news/add.html
@@ -35,7 +35,7 @@
</div>
{% load cdn %}{% jquery %}
<script type="text/javascript" src="{% static "archweb.js" %}"></script>
-<script type="text/javascript">
+<script type="text/javascript" nonce={{ CSP_NONCE }}>
$(document).ready(enablePreview);
</script>
{% endblock %}
diff --git a/templates/packages/details.html b/templates/packages/details.html
index 2851abd6..768ce43f 100644
--- a/templates/packages/details.html
+++ b/templates/packages/details.html
@@ -11,7 +11,7 @@
{% block script_block %}
{% load cdn %}{% jquery %}
<script type="text/javascript" src="{% static "archweb.js" %}"></script>
-<script type="text/javascript">
+<script type="text/javascript" nonce="{{ CSP_NONCE }}">
$(document).ready(function() {
ajaxifyFiles();
collapseDependsList("#pkgdepslist");
diff --git a/templates/packages/differences.html b/templates/packages/differences.html
index 30750798..c650c6e8 100644
--- a/templates/packages/differences.html
+++ b/templates/packages/differences.html
@@ -42,7 +42,7 @@
{% block script_block %}
{% load cdn %}{% jquery %}{% jquery_tablesorter %}
<script type="text/javascript" src="{% static "archweb.js" %}"></script>
-<script type="text/javascript">
+<script type="text/javascript" nonce={{ CSP_NONCE }}>
$(document).ready(function() {
$('#table_multilib_differences').tablesorter({widgets: ['zebra'], sortList: [[5, 0]]});
});
diff --git a/templates/packages/groups.html b/templates/packages/groups.html
index c135791f..9f9fef35 100644
--- a/templates/packages/groups.html
+++ b/templates/packages/groups.html
@@ -34,7 +34,7 @@
{% block script_block %}
{% load cdn %}{% jquery %}{% jquery_tablesorter %}
<script type="text/javascript" src="{% static "archweb.js" %}"></script>
-<script type="text/javascript">
+<script type="text/javascript" nonce={{ CSP_NONCE }}>
$(document).ready(function() {
$(".results").tablesorter({widgets: ['zebra'], sortList: [[1,0], [0,0]]});
});
diff --git a/templates/packages/packages_list.html b/templates/packages/packages_list.html
index 3dcc03dc..72311235 100644
--- a/templates/packages/packages_list.html
+++ b/templates/packages/packages_list.html
@@ -45,7 +45,7 @@
{% block script_block %}
{% load cdn %}{% jquery %}{% jquery_tablesorter %}
<script type="text/javascript" src="{% static "archweb.js" %}"></script>
-<script type="text/javascript">
+<script type="text/javascript" nonce={{ CSP_NONCE }}>
$(document).ready(function() {
$(".results").tablesorter({widgets: ['zebra'], sortList: [[2,0]]});
});
diff --git a/templates/packages/signoffs.html b/templates/packages/signoffs.html
index 9f6437c2..e2214845 100644
--- a/templates/packages/signoffs.html
+++ b/templates/packages/signoffs.html
@@ -82,7 +82,7 @@
{% block script_block %}
{% load cdn %}{% jquery %}{% jquery_tablesorter %}
<script type="text/javascript" src="{% static "archweb.js" %}"></script>
-<script type="text/javascript">
+<script type="text/javascript" nonce={{ CSP_NONCE }}>
$(document).ready(function() {
$('.results').tablesorter({widgets: ['zebra'], sortList: [[0,0]],
headers: { 5: { sorter: 'epochdate' }, 7: { sorter: false }, 8: {sorter: false } } });
diff --git a/templates/packages/stale_relations.html b/templates/packages/stale_relations.html
index 218ddb3e..8aec424d 100644
--- a/templates/packages/stale_relations.html
+++ b/templates/packages/stale_relations.html
@@ -114,7 +114,7 @@
{% block script_block %}
{% load cdn %}{% jquery %}{% jquery_tablesorter %}
<script type="text/javascript" src="{% static "archweb.js" %}"></script>
-<script type="text/javascript">
+<script type="text/javascript" nonce={{ CSP_NONCE }}>
$(document).ready(function() {
$('#inactive-user:not(:has(tbody tr.empty))').tablesorter({widgets: ['zebra'], headers: { 0: { sorter: false }, 2: { sorter: false } }, sortList: [[1,0]]});
$('#missing-pkgbase:not(:has(tbody tr.empty))').tablesorter({widgets: ['zebra'], headers: { 0: { sorter: false } }, sortList: [[1,0]]});
diff --git a/templates/public/keys.html b/templates/public/keys.html
index 37d5b232..978abaab 100644
--- a/templates/public/keys.html
+++ b/templates/public/keys.html
@@ -139,7 +139,7 @@
<script type="text/javascript" src="{% static "d3-3.0.6.min.js" %}"></script>
<script type="text/javascript" src="{% static "archweb.js" %}"></script>
<script type="text/javascript" src="{% static "visualize.js" %}"></script>
-<script type="text/javascript">
+<script type="text/javascript" nonce={{ CSP_NONCE }}>
$(document).ready(function() {
$("#key-status").tablesorter({
sortLocaleCompare: true,
diff --git a/templates/registration/login.html b/templates/registration/login.html
index b5894319..f9acbe99 100644
--- a/templates/registration/login.html
+++ b/templates/registration/login.html
@@ -20,7 +20,7 @@
{% block script_block %}
{% load cdn %}{% jquery %}
<script type="text/javascript" src="{% static "archweb.js" %}"></script>
-<script type="text/javascript">
+<script type="text/javascript" nonce={{ CSP_NONCE }}>
modify_attributes({
'#id_username': {autocorrect: 'off', autocapitalize: 'off'}
});
diff --git a/templates/releng/release_list.html b/templates/releng/release_list.html
index bca30042..44d94f14 100644
--- a/templates/releng/release_list.html
+++ b/templates/releng/release_list.html
@@ -57,7 +57,7 @@
{% block script_block %}
{% load cdn %}{% jquery %}{% jquery_tablesorter %}
<script type="text/javascript" src="{% static "archweb.js" %}"></script>
-<script type="text/javascript">
+<script type="text/javascript" nonce={{ CSP_NONCE }}>
$(document).ready(function() {
$(".results").tablesorter({
widgets: ['zebra'],
diff --git a/templates/todolists/list.html b/templates/todolists/list.html
index 04676812..042ff602 100644
--- a/templates/todolists/list.html
+++ b/templates/todolists/list.html
@@ -56,7 +56,7 @@
{% block script_block %}
{% load cdn %}{% jquery %}{% jquery_tablesorter %}
<script type="text/javascript" src="{% static "archweb.js" %}"></script>
-<script type="text/javascript">
+<script type="text/javascript" nonce={{ CSP_NONCE }}>
$(document).ready(function() {
// I'm not sure why it didn't autodetect digit, but it has to be explicit
// http://stackoverflow.com/questions/302749/jquery-tablesorter-problem
diff --git a/templates/todolists/view.html b/templates/todolists/view.html
index 8360533b..b5d69459 100644
--- a/templates/todolists/view.html
+++ b/templates/todolists/view.html
@@ -112,7 +112,7 @@
{% block script_block %}
{% load cdn %}{% jquery %}{% jquery_tablesorter %}
<script type="text/javascript" src="{% static "archweb.js" %}"></script>
-<script type="text/javascript">
+<script type="text/javascript" nonce={{ CSP_NONCE }}>
$(document).ready(function() {
$(".results").tablesorter({
widgets: ['zebra'],
diff --git a/templates/visualize/index.html b/templates/visualize/index.html
index 446bdebe..5b992ea4 100644
--- a/templates/visualize/index.html
+++ b/templates/visualize/index.html
@@ -30,7 +30,7 @@
<script type="text/javascript" src="{% static "d3-3.0.6.min.js" %}"></script>
<script type="text/javascript" src="{% static "archweb.js" %}"></script>
<script type="text/javascript" src="{% static "visualize.js" %}"></script>
-<script type="text/javascript">
+<script type="text/javascript" nonce={{ CSP_NONCE }}>
$(document).ready(function() {
var orderings = {
"repo": { url: "{% url 'visualize-byrepo' %}", color_attr: "repo" },
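Review bot: This inline script renders template output into JavaScript (`url: "{% url 'visualize-byrepo' %}"`), and once the block carries a nonce the policy trusts everything rendered inside it. The value here is a `{% url %}` tag with no arguments, so it is server-fixed, but nothing in the template records that constraint for later edits. I would add a template comment above the opening tag such as `{# nonce'd block: render only server-fixed values here; pass data via data-* attributes or json_script #}`. The script block continues past the end of the hunk, so any further interpolation below is not visible here.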