Add nonce to eval in shortcuts.js

Prevents the eval script being blocked when we have CSP rules to disable inline scripts

Add nonce to eval in shortcuts.js
Prevents the eval script being blocked when we have CSP rules to disable inline scripts
dd9e88ed · Heinrich Lee Yu · ee9f0bb7 · dd9e88ed
Commit dd9e88ed authored Aug 15, 2019 by Heinrich Lee Yu
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

app/assets/javascripts/behaviors/shortcuts/shortcuts.js app/assets/javascripts/behaviors/shortcuts/shortcuts.js +2 -2

No files found.
--- a/app/assets/javascripts/behaviors/shortcuts/shortcuts.js
+++ b/app/assets/javascripts/behaviors/shortcuts/shortcuts.js
@@ -4,7 +4,7 @@ import Mousetrap from 'mousetrap';
 import axios from '../../lib/utils/axios_utils';
 import { refreshCurrentPage, visitUrl } from '../../lib/utils/url_utility';
 import findAndFollowLink from '../../lib/utils/navigation_utility';
-import { parseBoolean } from '~/lib/utils/common_utils';
+import { parseBoolean, getCspNonceValue } from '~/lib/utils/common_utils';

 const defaultStopCallback = Mousetrap.stopCallback;
 Mousetrap.stopCallback = (e, element, combo) => {
@@ -94,7 +94,7 @@ export default class Shortcuts {
        responseType: 'text',
      })
      .then(({ data }) => {
-        $.globalEval(data);
+        $.globalEval(data, { nonce: getCspNonceValue() });

        if (location && location.length > 0) {
          const results = [];