CSP - extract all other inline JavaScripts (#6528)

* wizard page inline js * print topic inline js * drop JS for preventing double submission this is the default behavior with Rails' UJS `disable_with` helper * omniauth complete redirect JS * account activate inline js
2025-02-25 18:55:32 -06:00 · 2018-10-25 09:52:01 -04:00
parent 56e0f47bcd
commit a6eca28ec6
14 changed files with 71 additions and 63 deletions
--- a/app/views/users/_auto_redirect_home.html.erb
+++ b/app/views/users/_auto_redirect_home.html.erb
@@ -1,7 +0,0 @@
-<script language="javascript">
-  (function() {
-    setTimeout(function() {
-      window.location.href = '<%= path("/") %>';
-    }, 2000);
-  })();
-</script>
--- a/app/views/users/activate_account.html.erb
+++ b/app/views/users/activate_account.html.erb
@@ -13,22 +13,7 @@
  <%= preload_script "ember_jquery" %>
  <%= preload_script "vendor" %>
  <%= render_google_universal_analytics_code %>
+  <%= tag.meta id: 'data-activate-account', data: { path: path('/u/hp') } %>
 <%- end %>

-<script language="javascript">
-  (function() {
-    setTimeout(function() {
-      var $activateButton = $('#activate-account-button');
-      $activateButton.on('click', function() {
-        $activateButton.prop('disabled', true);
-        $.ajax("<%= path "/u/hp" %>").then(function(hp) {
-          $('#password_confirmation').val(hp.value);
-          $('#challenge').val(hp.challenge.split("").reverse().join(""));
-          $('#activate-account-form').submit();
-        }).fail(function() {
-          $activateButton.prop('disabled', false);
-        });
-      });
-    }, 50);
-  })();
-</script>
+<%= preload_script "activate-account" %>
--- a/app/views/users/omniauth_callbacks/complete.html.erb
+++ b/app/views/users/omniauth_callbacks/complete.html.erb
@@ -15,6 +15,11 @@
      border-bottom-color: #999;
    }
  </style>
+  <%= tag.meta id: 'data-auth-result', data: {
+    auth_result: @auth_result.to_client_hash,
+    base_url: Discourse.base_url
+  } %>
+  <%= preload_script('omniauth-complete') %>
 </head>

 <body>
@@ -23,18 +28,6 @@
      <%=t "login.auth_complete" %>
      <a href="<%= Discourse.base_url.html_safe %>?authComplete=true"><%= t("login.click_to_continue") %></a>
    </p>
-
-    <script type="text/javascript">
-       var authResult = <%=@auth_result.to_client_hash.to_json.html_safe%>;
-
-       if (!window.opener) {
-         localStorage.setItem('lastAuthResult', JSON.stringify(authResult));
-         window.location.href = '<%= Discourse.base_url.html_safe %>?authComplete=true';
-       } else {
-         window.opener.Discourse.authenticationComplete(authResult);
-         window.close();
-       }
-    </script>
  </div>
 </body>
 </html>
--- a/app/views/users/perform_account_activation.html.erb
+++ b/app/views/users/perform_account_activation.html.erb
@@ -13,7 +13,10 @@
    <% else %>
      <p><%= t('activation.please_continue') %></p>
      <p><a class="btn" href="<%= path "/" %>"><%= t('activation.continue_button', site_name: SiteSetting.title) -%></a></p>
-      <%= render partial: 'auto_redirect_home' %>
+      <%- content_for(:no_ember_head) do %>
+        <%= tag.meta id: 'data-auto-redirect', data: { path: path('/') } %>
+      <%- end %>
+      <%= preload_script 'auto-redirect' %>
    <% end %>
  <%end%>
 </div>