Support comments in JS Whitelist.
This commit is contained in:
ccd0
parent
901652e17e
commit
f92e12acaa
@ -143,6 +143,9 @@
|
|||||||
|
|
||||||
<fieldset>
|
<fieldset>
|
||||||
<legend>Javascript Whitelist</legend>
|
<legend>Javascript Whitelist</legend>
|
||||||
<div>Sources from which Javascript is allowed to be loaded by <a href="http://content-security-policy.com/#source_list" target="_blank">Content Security Policy</a>.</div>
|
<div>
|
||||||
|
Sources from which Javascript is allowed to be loaded by <a href="http://content-security-policy.com/#source_list" target="_blank">Content Security Policy</a>.<br>
|
||||||
|
Lines starting with a <code>#</code> will be ignored.
|
||||||
|
</div>
|
||||||
<textarea name="jsWhitelist" class="field" spellcheck="false"></textarea>
|
<textarea name="jsWhitelist" class="field" spellcheck="false"></textarea>
|
||||||
</fieldset>
|
</fieldset>
|
||||||
|
|||||||
@ -60,7 +60,7 @@ Main =
|
|||||||
|
|
||||||
# Enforce JS whitelist
|
# Enforce JS whitelist
|
||||||
($.getSync or $.get) {'jsWhitelist': Conf['jsWhitelist']}, ({jsWhitelist}) ->
|
($.getSync or $.get) {'jsWhitelist': Conf['jsWhitelist']}, ({jsWhitelist}) ->
|
||||||
$.addCSP "script-src #{jsWhitelist.replace(/[\s;]+/g, ' ')}"
|
$.addCSP "script-src #{jsWhitelist.replace(/^#.*$/mg, '').replace(/[\s;]+/g, ' ').trim()}"
|
||||||
|
|
||||||
# Get saved values as items
|
# Get saved values as items
|
||||||
items = {}
|
items = {}
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user