From e377515867e4011dbc92556e9361ebce6e24deba Mon Sep 17 00:00:00 2001 From: Nolan Lawson Date: Fri, 7 Sep 2018 09:46:46 -0700 Subject: [PATCH 1/2] allow scripts to contain a CSP nonce --- src/middleware.ts | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/middleware.ts b/src/middleware.ts index 15b4bbf..489d85a 100644 --- a/src/middleware.ts +++ b/src/middleware.ts @@ -524,9 +524,12 @@ function get_page_handler( styles = (css && css.code ? `` : ''); } + // users can set a CSP nonce using res.locals.nonce + const nonceAttr = (res.locals && res.locals.nonce) ? ` nonce="${res.locals.nonce}"` : ''; + const body = template() .replace('%sapper.base%', () => ``) - .replace('%sapper.scripts%', () => ``) + .replace('%sapper.scripts%', () => `${script}`) .replace('%sapper.html%', () => html) .replace('%sapper.head%', () => `${head}`) .replace('%sapper.styles%', () => styles); From 0a7be736c0e27717782c6897ee5608b0d7fc2316 Mon Sep 17 00:00:00 2001 From: Rich Harris Date: Fri, 7 Sep 2018 19:45:40 -0400 Subject: [PATCH 2/2] snake_case --- src/middleware.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/middleware.ts b/src/middleware.ts index 489d85a..7b0103b 100644 --- a/src/middleware.ts +++ b/src/middleware.ts @@ -525,11 +525,11 @@ function get_page_handler( } // users can set a CSP nonce using res.locals.nonce - const nonceAttr = (res.locals && res.locals.nonce) ? ` nonce="${res.locals.nonce}"` : ''; + const nonce_attr = (res.locals && res.locals.nonce) ? ` nonce="${res.locals.nonce}"` : ''; const body = template() .replace('%sapper.base%', () => ``) - .replace('%sapper.scripts%', () => `${script}`) + .replace('%sapper.scripts%', () => `${script}`) .replace('%sapper.html%', () => html) .replace('%sapper.head%', () => `${head}`) .replace('%sapper.styles%', () => styles);