adding csp

2025-12-06 06:17:17 +00:00 · 2021-05-04 09:21:13 +01:00
parent d21ec61f06
commit 10ffd01a2e
7 changed files with 19 additions and 10 deletions
--- a/cbreader/settings/base.py
+++ b/cbreader/settings/base.py
@@ -152,4 +152,5 @@ CSP_IMG_SRC = ("'self'", "data:")
 CSP_FONT_SRC = ("'self'")
 CSP_SCRIPT_SRC = ("'self'", 'code.jquery.com', 'cdn.jsdelivr.net', 'cdn.datatables.net')
 CSP_CONNECT_SRC = ("'self'")
-CSP_INCLUDE_NONCE_IN = ['script-src']
+CSP_INCLUDE_NONCE_IN = ['script-src']
+CSP_SCRIPT_SRC_ATTR = ("'self'", "'unsafe-inline'")
--- a/comic/templates/comic/comic_list.html
+++ b/comic/templates/comic/comic_list.html
@@ -38,12 +38,12 @@
                {% endif %}

                    {% if file.obj.thumbnail %}
-                    <img src="{{file.obj.thumbnail.url}}" class="card-img-top" alt="{{ file.name }}" onerror="this.onerror=null;this.src='{% static "img/placeholder.png" %}';">
+                    <img src="{{file.obj.thumbnail.url}}" class="card-img-top" alt="{{ file.name }}" alt_src="{% static "/img/placeholder.png" %}" onerror="this.onerror=null;this.src=this.getAttribute('alt_src');">
                    {% else %}
                        {% if file.item_type == 'Directory' %}
-                            <img src="{% url 'directory_thumbnail' file.selector %}" class="card-img-top" alt="{{ file.name }}" onerror="this.onerror=null;this.src='{% static "img/placeholder.png" %}';">
+                            <img src="{% url 'directory_thumbnail' file.selector %}" class="card-img-top" alt="{{ file.name }}" alt_src="{% static "/img/placeholder.png" %}" onerror="this.onerror=null;this.src=this.getAttribute('alt_src');">
                        {% elif file.item_type == 'ComicBook' %}
-                            <img src="{% url 'comic_thumbnail' file.selector %}" class="card-img-top" alt="{{ file.name }}" onerror="this.onerror=null;this.src='{% static "img/placeholder.png" %}';">
+                            <img src="{% url 'comic_thumbnail' file.selector %}" class="card-img-top" alt="{{ file.name }}" alt_src="{% static "/img/placeholder.png" %}" onerror="this.onerror=null;this.src=this.getAttribute('alt_src');">
                        {% endif %}
                    {% endif %}
                </a>
--- a/comic/templates/comic/read_comic.html
+++ b/comic/templates/comic/read_comic.html
@@ -6,13 +6,13 @@


        <div class="reveal" id="comic_box">
-			<div class="slides" onclick="nextPage()">
+			<div id="slides_div" class="slides">
                {% for page in pages %}
 				<section data-menu-title="{{ page.page_file_name }}">
                    {% if page.content_type|first in 'image' %}
                        <img data-src="{% url "get_image" nav.cur_path page.index %}" class=" w-100"  alt="{{ page.page_file_name }}">
                    {% else %}
-                        <p><embed type="{{ page.content_type }}" src="{% url "get_image" nav.cur_path page.index %}" onclick="nextPage()"></p>
+                        <p><embed class="comic_embed" type="{{ page.content_type }}" src="{% url "get_image" nav.cur_path page.index %}"></p>
                    {% endif %}
                </section>
                {% endfor %}
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -3,7 +3,7 @@ line_length = 119

 [tool.poetry]
 name = "cbwebreader"
-version = "0.2.1"
+version = "0.3.0"
 description = "CBR/Z Web Reader"
 authors = ["ajurna <ajurna@gmail.com>"]
 license = "Creative Commons Attribution-ShareAlike 4.0 International License"
--- a/static/js/comic_list.js
+++ b/static/js/comic_list.js
@@ -83,4 +83,4 @@ comic_action_elements.forEach(el => el.addEventListener('click', event => {
    let item_type = target.attr('itemtype')
    let action = target.attr('comic_action')
    comic_action(selector, item_type, action)
-}));
+}));
--- a/static/js/read_comic.js
+++ b/static/js/read_comic.js
@@ -59,4 +59,12 @@ function nextPage() {
    } else {
        Reveal.next()
    }
-}
+}
+let slides_div = document.getElementById('slides_div')
+slides_div.addEventListener('click', nextPage)
+
+let embeds = document.getElementsByClassName('comic_embed')
+
+embeds.forEach(function (embed){
+    embed.addEventListener('click', nextPage)
+})
--- a/static/js/read_comic.min.js
+++ b/static/js/read_comic.min.js
@@ -1 +1 @@
-const nav=JSON.parse(document.getElementById("nav").textContent);const last_read_page=JSON.parse(document.getElementById("last_read_page").textContent);Reveal.initialize({controls:false,hash:true,width:"100%",height:"100%",margin:0,minScale:1,maxScale:1,disableLayout:true,progress:true,keyboard:{37:()=>{prevPage()},39:()=>{nextPage()},38:()=>{window.scrollTo({top:window.scrollY-window.innerHeight*.6,left:0,behavior:"smooth"})},40:()=>{window.scrollTo({top:window.scrollY+window.innerHeight*.6,left:0,behavior:"smooth"})}},touch:false,transition:"slide",plugins:[RevealMenu]}).then(()=>{Reveal.slide(last_read_page)});Reveal.on("slidechanged",event=>{setTimeout(()=>{document.getElementsByClassName("slides")[0].scrollIntoView({behavior:"smooth"})},100);$.ajax({url:"/comic/set_page/"+nav.cur_path+"/"+event.indexh+"/"})});const hammertime=new Hammer(document.getElementById("comic_box"),{});hammertime.on("swipeleft",function(ev){if(Reveal.isLastSlide()){window.location="/comic/read/"+nav.next_path+"/"}else{Reveal.next()}});hammertime.on("swiperight",function(ev){if(Reveal.isFirstSlide()){window.location="/comic/read/"+nav.prev_path+"/"}else{Reveal.prev()}});function prevPage(){if(Reveal.isFirstSlide()){window.location="/comic/read/"+nav.prev_path+"/"}else{Reveal.prev()}}function nextPage(){if(Reveal.isLastSlide()){window.location="/comic/read/"+nav.next_path+"/"}else{Reveal.next()}}
+const nav=JSON.parse(document.getElementById("nav").textContent);const last_read_page=JSON.parse(document.getElementById("last_read_page").textContent);Reveal.initialize({controls:false,hash:true,width:"100%",height:"100%",margin:0,minScale:1,maxScale:1,disableLayout:true,progress:true,keyboard:{37:()=>{prevPage()},39:()=>{nextPage()},38:()=>{window.scrollTo({top:window.scrollY-window.innerHeight*.6,left:0,behavior:"smooth"})},40:()=>{window.scrollTo({top:window.scrollY+window.innerHeight*.6,left:0,behavior:"smooth"})}},touch:false,transition:"slide",plugins:[RevealMenu]}).then(()=>{Reveal.slide(last_read_page)});Reveal.on("slidechanged",event=>{setTimeout(()=>{document.getElementsByClassName("slides")[0].scrollIntoView({behavior:"smooth"})},100);$.ajax({url:"/comic/set_page/"+nav.cur_path+"/"+event.indexh+"/"})});const hammertime=new Hammer(document.getElementById("comic_box"),{});hammertime.on("swipeleft",function(ev){if(Reveal.isLastSlide()){window.location="/comic/read/"+nav.next_path+"/"}else{Reveal.next()}});hammertime.on("swiperight",function(ev){if(Reveal.isFirstSlide()){window.location="/comic/read/"+nav.prev_path+"/"}else{Reveal.prev()}});function prevPage(){if(Reveal.isFirstSlide()){window.location="/comic/read/"+nav.prev_path+"/"}else{Reveal.prev()}}function nextPage(){if(Reveal.isLastSlide()){window.location="/comic/read/"+nav.next_path+"/"}else{Reveal.next()}}let slides_div=document.getElementById("slides_div");slides_div.addEventListener("click",nextPage);let embeds=document.getElementsByClassName("comic_embed");embeds.forEach(function(embed){embed.addEventListener("click",nextPage)});