Migrate to a good Content Security Policy (#1023)

So attacks such as XSS (see [0]) will no longer be an issue.

[0]: https://github.com/omarroth/invidious/issues/1022
leonklingele
2020-03-16 06:46:08 +09:00
committed by GitHub
parent f92027c44b
commit 70cbe91776
29 changed files with 274 additions and 175 deletions


@@ -147,13 +147,14 @@
</div>
<div class="pure-u-1 pure-u-md-2-24"></div>
</div>
<script src="/js/handlers.js?v=<%= ASSET_COMMIT %>"></script>
<script src="/js/themes.js?v=<%= ASSET_COMMIT %>"></script>
<% if env.get? "user" %>
<script src="/js/sse.js?v=<%= ASSET_COMMIT %>"></script>
<script>
var notification_data = {
upload_text: '<%= HTML.escape(translate(locale, "`x` uploaded a video")) %>',
live_upload_text: '<%= HTML.escape(translate(locale, "`x` is live")) %>',
<script id="notification_data" type="application/json">
{
"upload_text": "<%= HTML.escape(translate(locale, "`x` uploaded a video")) %>",
"live_upload_text": "<%= HTML.escape(translate(locale, "`x` is live")) %>"
}
</script>
<script src="/js/notifications.js?v=<%= ASSET_COMMIT %>"></script>
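Review bot: The two values in the new `notification_data` JSON block are encoded with `HTML.escape`, which is the wrong encoder for this context. A `<script>` element's content is raw text, so entities such as `&quot;` or `&#39;` are never decoded and reach the consumer literally, while a backslash or newline in a translation passes through unescaped and can make the JSON invalid. Serialising each value as JSON instead, e.g. `"upload_text": <%= translate(locale, "`x` uploaded a video").to_json %>,` (no surrounding quotes), and making sure `<` comes out as `\u003c` would keep a string from ever closing the script element. The code in `notifications.js` that reads this block is not visible here; it should `JSON.parse` the element's `textContent` and insert the strings as text rather than as markup. The template continues on both sides of this hunk.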