diff options
author | Heinrich Lee Yu <heinrich@gitlab.com> | 2019-08-15 14:10:24 +0800 |
---|---|---|
committer | Heinrich Lee Yu <heinrich@gitlab.com> | 2019-08-15 14:10:24 +0800 |
commit | dd9e88eddb24412cfaa82a22c92a9050d44773d0 (patch) | |
tree | 6ffd96cabcbfdbd881d396553137cd930a1a65c1 /app/assets/javascripts/behaviors | |
parent | ee9f0bb7a534ed2a7d805e934e0df8219a645660 (diff) | |
download | gitlab-ce-dd9e88eddb24412cfaa82a22c92a9050d44773d0.tar.gz |
Add nonce to eval in shortcuts.jsadd-nonce-to-shortcuts-eval
Prevents the eval script being blocked when
we have CSP rules to disable inline scripts
Diffstat (limited to 'app/assets/javascripts/behaviors')
-rw-r--r-- | app/assets/javascripts/behaviors/shortcuts/shortcuts.js | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/app/assets/javascripts/behaviors/shortcuts/shortcuts.js b/app/assets/javascripts/behaviors/shortcuts/shortcuts.js index eade1283513..7e3515b1f4b 100644 --- a/app/assets/javascripts/behaviors/shortcuts/shortcuts.js +++ b/app/assets/javascripts/behaviors/shortcuts/shortcuts.js @@ -4,7 +4,7 @@ import Mousetrap from 'mousetrap'; import axios from '../../lib/utils/axios_utils'; import { refreshCurrentPage, visitUrl } from '../../lib/utils/url_utility'; import findAndFollowLink from '../../lib/utils/navigation_utility'; -import { parseBoolean } from '~/lib/utils/common_utils'; +import { parseBoolean, getCspNonceValue } from '~/lib/utils/common_utils'; const defaultStopCallback = Mousetrap.stopCallback; Mousetrap.stopCallback = (e, element, combo) => { @@ -94,7 +94,7 @@ export default class Shortcuts { responseType: 'text', }) .then(({ data }) => { - $.globalEval(data); + $.globalEval(data, { nonce: getCspNonceValue() }); if (location && location.length > 0) { const results = []; |