diff --git a/SciPost_v1/settings/base.py b/SciPost_v1/settings/base.py index e531f647c4cb4aff2e029bd6d8f5f859b2ff2d89..3215a4b8bc804484219005e2962e9735b77158de 100644 --- a/SciPost_v1/settings/base.py +++ b/SciPost_v1/settings/base.py @@ -202,7 +202,7 @@ CSP_IMG_SRC = ("'self'", 'scipost.org', 'data:', 'ajax.googleapis.com', 'assets.crossref.org', 'licensebuttons.net', 'crossmark-cdn.crossref.org') CSP_SCRIPT_SRC = ("'self'", 'scipost.org', - "'unsafe-inline'", + #"'unsafe-inline'", 'ajax.googleapis.com', 'cdnjs.cloudflare.com', 'crossmark-cdn.crossref.org', 'www.recaptcha.net', 'www.gstatic.com', @@ -210,6 +210,7 @@ CSP_SCRIPT_SRC = ("'self'", 'scipost.org', CSP_STYLE_SRC = ("'self'", 'scipost.org', "'unsafe-inline'", 'ajax.googleapis.com', 'code.jquery.com', 'fonts.googleapis.com', 'cdnjs.cloudflare.com') +CSP_INCLUDE_NONCE_IN=['script-src'] ROOT_URLCONF = 'SciPost_v1.urls' diff --git a/SciPost_v1/settings/production.py b/SciPost_v1/settings/production.py index 8691f58c5b870ead85df02c84bef224e4f0784fb..114407891177b1f8cf3a4f15bcc7cc60a017604c 100644 --- a/SciPost_v1/settings/production.py +++ b/SciPost_v1/settings/production.py @@ -70,4 +70,4 @@ sentry_sdk.init( integrations=[DjangoIntegration()] ) CSP_REPORT_URI = get_secret('CSP_SENTRY') -CSP_REPORT_ONLY = False +CSP_REPORT_ONLY = True diff --git a/colleges/templates/colleges/potentialfellowship_list.html b/colleges/templates/colleges/potentialfellowship_list.html index 4d33b8b9b33fdbb73502c0c206e88982ed356d83..ae34a2f93c8ead3c3eca15e6202457fed4003aed 100644 --- a/colleges/templates/colleges/potentialfellowship_list.html +++ b/colleges/templates/colleges/potentialfellowship_list.html 
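Review bot: In the CSP_SCRIPT_SRC tuple the `'unsafe-inline'` source is commented out with `#"'unsafe-inline'",` rather than deleted, leaving dead code inside a settings literal, and the second base.py hunk's `CSP_INCLUDE_NONCE_IN=['script-src']` lacks PEP 8 spacing around `=`. Either delete the commented line or keep the source deliberately with a why-comment such as `# CSP2-capable browsers ignore 'unsafe-inline' once a nonce is present; kept only as a fallback for older clients`. Because script-src now carries a nonce, any inline `<script>` block or inline event-handler attribute that survives in a template must either move to a static file as the rest of this commit does or carry `nonce="{{ request.csp_nonce }}"` (attributes cannot be nonced at all), otherwise it is reported now and blocked once the policy is enforced again.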
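Review bot: `CSP_REPORT_ONLY = True` switches production to report-only, so the removal of `'unsafe-inline'` in base.py is not enforced: browsers keep executing inline scripts and only send violation reports to the CSP_SENTRY endpoint. That is a sensible rollout step, but the line reads as a permanent value and nothing records when enforcement should return. Annotate the intent and an owner, e.g. `CSP_REPORT_ONLY = True  # TODO(<owner>): re-enable enforcement once nonce rollout reports are clean`, so the enforced policy is not forgotten.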
@@ -1,18 +1,12 @@ {% extends 'colleges/base.html' %} +{% load bootstrap %} {% load scipost_extras %} {% load colleges_extras %} -{% load bootstrap %} +{% load staticfiles %} {% block headsup %} - <script type="text/javascript"> - $(document).ready(function($) { - $(".table-row").click(function() { - var addr = $(this).data("href"); - window.open(addr, "_blank"); - }); - }); - </script> + <script type="text/javascript" src="{% static 'scipost/table-row-blank.js' %}"></script> {% endblock headsup %} {% block breadcrumb_items %} diff --git a/comments/templates/comments/_add_comment_form.html b/comments/templates/comments/_add_comment_form.html index 3cc853d93d4e8e90c75ca2e3da9abfd8a7379fed..fb7c24f76a41bb8ae61e0a83f832ceea20f4d549 100644 --- a/comments/templates/comments/_add_comment_form.html +++ b/comments/templates/comments/_add_comment_form.html 
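Review bot: The new `{% load staticfiles %}` line uses the `staticfiles` tag library, which Django deprecated in 2.1 and removed in 3.0; `{% load static %}` provides the same `{% static %}` tag on every version from 1.10 on, so the added line is better written as `{% load static %}` (if the project is still on a pre-2.1 Django this is a forward-compatibility note only). The same addition appears in the _add_comment_form.html, manage_metadata.html, _organization_card.html and dashboard.html hunks. Moving `{% load bootstrap %}` above the other load tags is a no-op reorder that only adds diff noise.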
@@ -1,29 +1,32 @@ {% load bootstrap %} +{% load staticfiles %} + {% block footer_script %} - <script> - $(function(){ + <!-- <script> + $(function(){ var comment_text_input = $("#id_comment_text"); comment_text_input.on('keyup', function(){ - var new_text = $(this).val() - $("#preview-comment_text").text(new_text) - if( typeof MathJax.Hub !== 'undefined' ) { - MathJax.Hub.Queue(["Typeset",MathJax.Hub]); - } + var new_text = $(this).val() + $("#preview-comment_text").text(new_text) + if( typeof MathJax.Hub !== 'undefined' ) { + MathJax.Hub.Queue(["Typeset",MathJax.Hub]); + } }).trigger('keyup'); $('input[name$="anonymous"]').on('change', function() { - $('.anonymous-alert').show() - .children('h3').hide() - if ($(this).prop('checked')) { - $('.anonymous-yes').show(); - } else { - $('.anonymous-no').show(); - } + $('.anonymous-alert').show() + .children('h3').hide() + if ($(this).prop('checked')) { + $('.anonymous-yes').show(); + } else { + $('.anonymous-no').show(); + } }).trigger('change'); - }); - </script> + }); + </script> --> + <script type="text/javascript" src="{% static 'scipost/comment-preview.js' %}"></script> {% endblock %} <form enctype="multipart/form-data" {% if url %}action="{{url}}" {% endif %}method="post"> diff --git a/journals/templates/journals/manage_metadata.html b/journals/templates/journals/manage_metadata.html index 8e53d9311c4478f8b2ea39602710b855bd91bd8d..1ca365f67001f8a877c441b97fd3362169117bae 100644 --- a/journals/templates/journals/manage_metadata.html +++ b/journals/templates/journals/manage_metadata.html 
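Review bot: The old inline script is kept above the new `<script src>` tag as an HTML comment (`<!-- <script> … </script> -->`) instead of being deleted, so the dead block is still rendered and sent to every client on every comment form. Remove it, or if a reference must stay for now, wrap it in `{% comment %} … {% endcomment %}` so the template engine drops it before the response is built. The bare_base.html hunk below does the same with the old MathJax config block. Git history already preserves the previous code.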
@@ -3,16 +3,11 @@ {% block pagetitle %}: Manage metadata{% endblock pagetitle %} {% load bootstrap %} +{% load staticfiles %} {% load journals_extras %} {% block headsup %} - <script type="text/javascript"> - $(document).ready(function($) { - $(".table-row").click(function() { - window.document.location = $(this).data("href"); - }); - }); - </script> + <script type="text/javascript" src="{% static 'scipost/table-row.js' %}"></script> {% endblock headsup %} {% block breadcrumb_items %} diff --git a/journals/templates/journals/publication_detail.html b/journals/templates/journals/publication_detail.html index 96f656bb57cfd6a5a67e3b513b8d240b8cf1bea1..d82900b6abb0e848e0057f26f6fd41124ec076fc 100644 --- a/journals/templates/journals/publication_detail.html +++ b/journals/templates/journals/publication_detail.html @@ -37,15 +37,7 @@ <meta name="citation_pdf_url" content="https://scipost.org/{{ publication.doi_string }}/pdf"/> <meta name="dc.identifier" content="doi:{{ publication.doi_string }}"/> - <script> - $(document).ready(function(){ - $("#citationslist").hide(); - - $("#citationslistbutton").click(function(){ - $("#citationslist").toggle(); - }); - }); - </script> + <script type="text/javascript" src="{% static 'scipost/citations-list.js' %}"></script> {% endblock headsup %} diff --git a/mails/templates/mails/mail_form.html b/mails/templates/mails/mail_form.html index 3bf5ac609fdf8b2fb9aa0d82ee3ac9d1c581ada2..6e0ae91f322225d638799012f5e2ea9ffba5af2d 100644 --- a/mails/templates/mails/mail_form.html +++ b/mails/templates/mails/mail_form.html @@ -28,7 +28,6 @@ </form> {% endblock content %} - {% block footer_script %} {{ block.super }} {{ form.media }} diff --git a/organizations/templates/organizations/_organization_card.html b/organizations/templates/organizations/_organization_card.html index 6d31fe52c0f33a17e00871dc8cb7dd502d6efae1..7ab832722419b6b1022f3aa2c06bde9f57966d12 100644 --- a/organizations/templates/organizations/_organization_card.html 
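Review bot: The added line uses `{% static 'scipost/citations-list.js' %}`, but unlike the other template hunks in this commit nothing here loads the static tag library; unless a `{% load static %}` (or `{% load staticfiles %}`) already exists above line 37 of publication_detail.html, rendering fails with an invalid block tag error. The header.html and navbar.html hunks show the same pattern, with their load tags likewise not visible in the hunk. Worth confirming each of those three files loads the library before this is merged.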
+++ b/organizations/templates/organizations/_organization_card.html @@ -1,16 +1,11 @@ {% load bootstrap %} +{% load staticfiles %} {% load guardian_tags %} {% load user_groups %} {% load organizations_extras %} {% block headsup %} - <script type="text/javascript"> - $(document).ready(function($) { - $(".table-row").click(function() { - window.document.location = $(this).data("href"); - }); - }); - </script> + <script type="text/javascript" src="{% static 'scipost/table-row.js' %}"></script> {% endblock headsup %} {% is_scipost_admin request.user as is_scipost_admin %} diff --git a/organizations/templates/organizations/dashboard.html b/organizations/templates/organizations/dashboard.html index d1176626f4e79015c1584adc559f0bd99437fbb8..ae0ec3e343fc5cab5d5f8dfad14dbf8975086b18 100644 --- a/organizations/templates/organizations/dashboard.html +++ b/organizations/templates/organizations/dashboard.html @@ -1,17 +1,12 @@ {% extends 'organizations/base.html' %} {% load bootstrap %} +{% load staticfiles %} {% block pagetitle %}: organizations dashboard{% endblock pagetitle %} {% block headsup %} - <script type="text/javascript"> - $(document).ready(function($) { - $(".table-row").click(function() { - window.document.location = $(this).data("href"); - }); - }); - </script> + <script type="text/javascript" src="{% static 'scipost/table-row.js' %}"></script> {% endblock headsup %} {% block content %} diff --git a/organizations/templates/organizations/organization_list.html b/organizations/templates/organizations/organization_list.html index 6e770fb6fe7b0f0c93bce0035123b3e5d103d812..624d50391291e2c0320a736772697ed8d409984a 100644 --- a/organizations/templates/organizations/organization_list.html +++ b/organizations/templates/organizations/organization_list.html 
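Review bot: The new `<script type="text/javascript" src="{% static 'scipost/table-row.js' %}">` sits inside `{% block headsup %}` of what its name suggests is an included card partial; if the card is rendered more than once per page the script tag is emitted per card and `$(".table-row").click(...)` binds a duplicate handler on every row each time. If that is the case, load table-row.js once from the page template that includes the card and drop the block here. This is inferred from the file name, as the rest of the template is outside the hunk.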
@@ -11,14 +11,7 @@ {% is_scipost_admin request.user as is_scipost_admin %} {% block headsup %} - <script type="text/javascript"> - $(document).ready(function($) { - $(".table-row").click(function() { - var addr = $(this).data("href"); - window.open(addr, "_blank"); - }); - }); - </script> + <script type="text/javascript" src="{% static 'scipost/table-row-blank.js' %}"></script> <link rel="stylesheet" href="{% static 'flags/sprite-hq.css' %}"> {% endblock headsup %} diff --git a/scipost/static/scipost/citations-list.js b/scipost/static/scipost/citations-list.js new file mode 100644 index 0000000000000000000000000000000000000000..9b5804a8dfc517f567fefa464a63a94746732104 --- /dev/null +++ b/scipost/static/scipost/citations-list.js @@ -0,0 +1,7 @@ +$(document).ready(function(){ + $("#citationslist").hide(); + + $("#citationslistbutton").click(function(){ + $("#citationslist").toggle(); + }); +}); diff --git a/scipost/static/scipost/comment-preview.js b/scipost/static/scipost/comment-preview.js new file mode 100644 index 0000000000000000000000000000000000000000..57c31bfc9f3240034da471f7b981e3eebbd30927 --- /dev/null +++ b/scipost/static/scipost/comment-preview.js @@ -0,0 +1,21 @@ +$(function(){ + var comment_text_input = $("#id_comment_text"); + + comment_text_input.on('keyup', function(){ + var new_text = $(this).val() + $("#preview-comment_text").text(new_text) + if( typeof MathJax.Hub !== 'undefined' ) { + MathJax.Hub.Queue(["Typeset",MathJax.Hub]); + } + }).trigger('keyup'); + + $('input[name$="anonymous"]').on('change', function() { + $('.anonymous-alert').show() + .children('h3').hide() + if ($(this).prop('checked')) { + $('.anonymous-yes').show(); + } else { + $('.anonymous-no').show(); + } + }).trigger('change'); +}); diff --git a/scipost/static/scipost/mathjax-config.js b/scipost/static/scipost/mathjax-config.js new file mode 100644 index 0000000000000000000000000000000000000000..3668b5706e0f5ee9ee63eb344773e8ebde459f0b --- /dev/null 
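Review bot: The lines `var new_text = $(this).val()` and `$("#preview-comment_text").text(new_text)` have no terminating semicolons; now that this code lives in a standalone static file it should pass a linter, so add them. A short comment on the preview line would also stop the next maintainer from "upgrading" it to `.html()`: `// .text() renders the comment as plain text; MathJax typesets from the DOM afterwards`. Using `.text()` is what keeps the live preview from interpreting markup typed by the commenter, so the choice is worth stating in the file.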
+++ b/scipost/static/scipost/mathjax-config.js
@@ -0,0 +1,6 @@
+var MathJax = {
+ tex2jax: {
+ inlineMath: [['$','$'],['\\(','\\)']],
+ procesEscapes: true
+ }
+};
diff --git a/scipost/static/scipost/navbar-icon-toggle.js b/scipost/static/scipost/navbar-icon-toggle.js
new file mode 100644
index 0000000000000000000000000000000000000000..9156707ffea0cf597d01439d0e779879cb9c022f
--- /dev/null
+++ b/scipost/static/scipost/navbar-icon-toggle.js
@@ -0,0 +1,3 @@
+function navbarIconToggle(x) {
+ x.classList.toggle("change");
+}
diff --git a/scipost/static/scipost/search-header.js b/scipost/static/scipost/search-header.js
new file mode 100644
index 0000000000000000000000000000000000000000..9d953326c5109815c824672e5f5423cfaa785140
--- /dev/null
+++ b/scipost/static/scipost/search-header.js
@@ -0,0 +1,25 @@
+function searchHeader() {
+ document.getElementById("header-search-button").addEventListener("click", function(event){
+ if (document.documentElement.clientWidth > 768) {
+ event.preventDefault();
+ var x = document.getElementById("header-search-form");
+ if (x.style.display === "none") {
+ x.style.display = "block";
+ } else {
+ x.style.display = "none";
+ }
+ }
+ });
+
+ document.getElementById("header-search-close-btn").addEventListener("click", function(event){
+ var x = document.getElementById("header-search-form");
+ x.style.display = "none";
+ });
+
+ if (document.documentElement.clientWidth <= 768) {
+ // Force-close if form is prefilled.
+ var x = document.getElementById("header-search-form");
+ x.style.display = "none";
+ }
+}
+searchHeader();
diff --git a/scipost/static/scipost/table-row-blank.js b/scipost/static/scipost/table-row-blank.js
new file mode 100644
index 0000000000000000000000000000000000000000..75db4444a39fb1fcd9795952e7d4a1849a3fb6e4
--- /dev/null
+++ b/scipost/static/scipost/table-row-blank.js
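Review bot: The `procesEscapes: true` option in the tex2jax block is misspelled; MathJax's option is `processEscapes`, so the key is silently ignored and `\$` escapes in comment text are not honoured (the typo is carried over from the inline version this file replaces). Change it to `processEscapes: true`. Since this object must exist before MathJax.js runs, the bare_base.html hunk correctly places the new script tag before the async MathJax loader; keep that ordering when the commented-out block there is removed.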
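Review bot: `navbarIconToggle` is defined as a global and, given its name and the argument it takes, is presumably invoked from an inline handler attribute such as `onclick="navbarIconToggle(this)"` in navbar.html, which the navbar.html hunk below does not show. Inline event-handler attributes are not covered by script-src nonces, so with `'unsafe-inline'` removed they are reported under the current report-only setting and blocked once enforcement returns, regardless of where the function body lives. If that is how it is wired, bind the handler from this file with `addEventListener("click", ...)` on the toggle element instead of an attribute. The call site is outside the hunk, so this is inferred.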
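Review bot: `var x` is declared three times inside `searchHeader` (in both click handlers and the trailing `if`), which is legal with function-scoped `var` but misleading, and every `getElementById` result is used without a null check, so the file throws if header.html ever renders without the search button, close button or form. Look the form up once at the top, `var form = document.getElementById("header-search-form");`, reuse it in all three places, and return early when it is null. The unused `event` parameter on the close handler can be dropped as well.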
@@ -0,0 +1,6 @@ +$(document).ready(function($) { + $(".table-row").click(function() { + var addr = $(this).data("href"); + window.open(addr, "_blank"); + }); +}); diff --git a/scipost/static/scipost/table-row.js b/scipost/static/scipost/table-row.js new file mode 100644 index 0000000000000000000000000000000000000000..3e4dfac555c4360487a9a5a65f61968be75fd580 --- /dev/null +++ b/scipost/static/scipost/table-row.js @@ -0,0 +1,5 @@ +$(document).ready(function($) { + $(".table-row").click(function() { + window.document.location = $(this).data("href"); + }); +}); diff --git a/scipost/templates/scipost/bare_base.html b/scipost/templates/scipost/bare_base.html index 460b1a623df3043d33a716a2c421b881a0382876..0fe4a60b8fd8798c585fdd991bed9a66f0e41bf4 100644 --- a/scipost/templates/scipost/bare_base.html +++ b/scipost/templates/scipost/bare_base.html @@ -50,14 +50,15 @@ }); </script> <script type="text/javascript" async src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.5/MathJax.js?config=TeX-MML-AM_CHTML"></script> --> - <script> - var MathJax = { + <!-- <script> + var MathJax = { tex2jax: { - inlineMath: [['$','$'],['\\(','\\)']], - procesEscapes: true + inlineMath: [['$','$'],['\\(','\\)']], + procesEscapes: true } - }; - </script> + }; + </script> --> + <script type="text/javascript" src="{% static 'scipost/mathjax-config.js' %}"></script> <script type="text/javascript" async src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.5/MathJax.js?config=TeX-MML-AM_CHTML"></script> {% render_bundle 'main' 'js' %} diff --git a/scipost/templates/scipost/header.html b/scipost/templates/scipost/header.html index 75d81553444001be75f360ebfe9baf5964eb0f04..327931b7b5559f81640c01277bf061bd0951792d 100644 --- a/scipost/templates/scipost/header.html +++ b/scipost/templates/scipost/header.html 
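Review bot: `window.open(addr, "_blank")` opens the row's `data-href` without `noopener`, so the opened page receives a `window.opener` reference to this tab; if any row's href is cross-origin (external organisation or fellowship pages, for instance), that page can navigate the originating tab (reverse tabnabbing). Pass the feature string: `window.open(addr, "_blank", "noopener,noreferrer");`. Recent browsers default `target="_blank"` anchors to noopener, but `window.open` does not get that default.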
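Review bot: This file is identical to table-row-blank.js except for navigating in place instead of calling `window.open`, and the templates in this commit pick one or the other per page; a single script that reads a per-row attribute (e.g. a `data-target` of `"_blank"`) and chooses the navigation accordingly would remove the duplication and the risk of the two copies drifting apart. Not blocking, but worth doing while both files are new.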
@@ -31,33 +31,7 @@ </ul> </div> - <script type="text/javascript"> - function searchHeader() { - document.getElementById("header-search-button").addEventListener("click", function(event){ - if (document.documentElement.clientWidth > 768) { - event.preventDefault(); - var x = document.getElementById("header-search-form"); - if (x.style.display === "none") { - x.style.display = "block"; - } else { - x.style.display = "none"; - } - } - }); - - document.getElementById("header-search-close-btn").addEventListener("click", function(event){ - var x = document.getElementById("header-search-form"); - x.style.display = "none"; - }); - - if (document.documentElement.clientWidth <= 768) { - // Force-close if form is prefilled. - var x = document.getElementById("header-search-form"); - x.style.display = "none"; - } - } - searchHeader(); - </script> + <script type="text/javascript" src="{% static 'scipost/search-header.js' %}"></script> {% comment %} <div id="search-header"> diff --git a/scipost/templates/scipost/navbar.html b/scipost/templates/scipost/navbar.html index 9c99b89d81157562473cd2ceb5ee72e89b4d9b20..5e51c8b3ce00aee7bdaf436af735a2ba12399d04 100644 --- a/scipost/templates/scipost/navbar.html +++ b/scipost/templates/scipost/navbar.html @@ -247,9 +247,4 @@ </div> </nav> -<script> - function navbarIconToggle(x) { - x.classList.toggle("change"); - } - -</script> +<script type="text/javascript" src="{% static 'scipost/navbar-icon-toggle.js' %}"></script>