From 745355b28ef1c16b4befd08df87961e3fe24cc65 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jean-S=C3=A9bastien=20Caux?= <git@jscaux.org>
Date: Sun, 31 Oct 2021 15:35:54 +0100
Subject: [PATCH] Make portal page CSP-friendlier

---
 .../scipost/templates/scipost/navbar2.html    |  5 ++--
 .../scipost/portal/_hx_publications.html      |  2 +-
 .../scipost/portal/_hx_submissions_base.html  |  2 +-
 .../templates/scipost/portal/portal.html      | 25 ++++++++++++++-----
 4 files changed, 24 insertions(+), 10 deletions(-)

diff --git a/scipost_django/scipost/templates/scipost/navbar2.html b/scipost_django/scipost/templates/scipost/navbar2.html
index 97286a44b..924d734d8 100644
--- a/scipost_django/scipost/templates/scipost/navbar2.html
+++ b/scipost_django/scipost/templates/scipost/navbar2.html
@@ -25,9 +25,10 @@
         </li>
 
 	<li class="nav-item{% if 'portal' in request.path %} active{% endif %}">
-          <a href="{% url 'scipost:portal' %}" class="nav-link" aria-label="Portal">
+          <a href="{% url 'scipost:portal' %}" class="nav-link" aria-label="Portal"
+	  data-bs-toggle="tooltip" title="Academic Portal">
             <span class="d-none d-lg-inline-block" aria-hidden="true" style="min-width: 16px;">{% include 'bi/person-workspace.html' %}</span>
-            <span class="d-lg-none d-inline-block">Academic portal</span>
+            <span class="d-lg-none d-inline-block">Academic Portal</span>
           </a>
         </li>
 
diff --git a/scipost_django/scipost/templates/scipost/portal/_hx_publications.html b/scipost_django/scipost/templates/scipost/portal/_hx_publications.html
index 35ec7e205..ecf18fd81 100644
--- a/scipost_django/scipost/templates/scipost/portal/_hx_publications.html
+++ b/scipost_django/scipost/templates/scipost/portal/_hx_publications.html
@@ -54,7 +54,7 @@
 
 
 {% block footer_script %}
-  <script nonce="{{ requeest.csp_nonce }}">
+  <script nonce="{{ request.csp_nonce }}">
     /* If Proceedings is chosen as Journal, display Proceedings selector */
     document.getElementById("id_journal").addEventListener("change", () => {
     var e = document.getElementById("id_journal")
diff --git a/scipost_django/scipost/templates/scipost/portal/_hx_submissions_base.html b/scipost_django/scipost/templates/scipost/portal/_hx_submissions_base.html
index 2ec2ec1e4..264eb6b33 100644
--- a/scipost_django/scipost/templates/scipost/portal/_hx_submissions_base.html
+++ b/scipost_django/scipost/templates/scipost/portal/_hx_submissions_base.html
@@ -52,7 +52,7 @@
 
 
 {% block footer_script %}
-  <script nonce="{{ requeest.csp_nonce }}">
+  <script nonce="{{ request.csp_nonce }}">
     /* If Proceedings is chosen as Journal, display Proceedings selector */
     document.getElementById("id_submitted_to").addEventListener("change", () => {
     var e = document.getElementById("id_submitted_to")
diff --git a/scipost_django/scipost/templates/scipost/portal/portal.html b/scipost_django/scipost/templates/scipost/portal/portal.html
index 5402f3892..6ead6ddb2 100644
--- a/scipost_django/scipost/templates/scipost/portal/portal.html
+++ b/scipost_django/scipost/templates/scipost/portal/portal.html
@@ -1,5 +1,18 @@
 {% extends 'scipost/base.html' %}
 
+{% block headsup %}
+
+  <script nonce="{{ request.csp_nonce }}">
+    function isElementByIdActive(id)  {
+    if (e = document.getElementById(id)) {
+    return e.classList.contains('active')
+    }
+    return false
+    }
+  </script>
+
+{% endblock headsup %}
+
 {% load render_bundle from webpack_loader %}
 {% load static %}
 
@@ -85,7 +98,7 @@
     <div class="tab-pane fade" id="journals"
 	 role="tabpanel" aria-labelledby="journals-tab">
       <div hx-get="{% url 'scipost:portal_hx_journals' %}"
-	   hx-trigger="click from:#journals-tab, session-acad-field-set[document.getElementById('journals').classList.contains('active')] from:body"
+	   hx-trigger="click from:#journals-tab, session-acad-field-set[isElementByIdActive('journals')] from:body"
       >
       </div>
     </div>
@@ -93,7 +106,7 @@
     <div class="tab-pane fade show active" id="publications"
 	 role="tabpanel" aria-labelledby="publications-tab">
       <div hx-get="{% url 'scipost:portal_hx_publications' %}"
-	   hx-trigger="load, click from:#publications-tab, session-acad-field-set[document.getElementById('publications').classList.contains('active')] from:body, session-specialty-set[document.getElementById('publications').classList.contains('active')] from:body"
+	   hx-trigger="load, click from:#publications-tab, session-acad-field-set[isElementByIdActive('publications')] from:body, session-specialty-set[isElementByIdActive('publications')] from:body"
       >
       </div>
     </div>
@@ -101,7 +114,7 @@
     <div class="tab-pane fade" id="submissions"
 	 role="tabpanel" aria-labelledby="submissions-tab">
       <div hx-get="{% url 'scipost:portal_hx_submissions' %}"
-	   hx-trigger="click from:#submissions-tab, session-acad-field-set[document.getElementById('submissions').classList.contains('active')] from:body, session-specialty-set[document.getElementById('submissions').classList.contains('active')] from:body"
+	   hx-trigger="click from:#submissions-tab, session-acad-field-set[isElementByIdActive('submissions')] from:body, session-specialty-set[isElementByIdActive('submissions')] from:body"
       >
       </div>
     </div>
@@ -109,7 +122,7 @@
     <div class="tab-pane fade" id="reports-needed"
 	 role="tabpanel" aria-labelledby="reports-needed-tab">
       <div hx-get="{% url 'scipost:portal_hx_submissions' %}?reports_needed=1"
-	   hx-trigger="click from:#reports-needed-tab, session-acad-field-set[document.getElementById('reports-needed').classList.contains('active')] from:body, session-specialty-set[document.getElementById('reports-needed').classList.contains('active')] from:body"
+	   hx-trigger="click from:#reports-needed-tab, session-acad-field-set[isElementByIdActive('reports-needed')] from:body, session-specialty-set[isElementByIdActive('reports-needed')] from:body"
       >
       </div>
     </div>
@@ -117,7 +130,7 @@
     <div class="tab-pane fade" id="reports"
 	 role="tabpanel" aria-labelledby="reports-tab">
       <div hx-get="{% url 'scipost:portal_hx_reports' %}"
-	   hx-trigger="click from:#reports-tab, session-acad-field-set[document.getElementById('reports').classList.contains('active')] from:body, session-specialty-set[document.getElementById('reports').classList.contains('active')] from:body"
+	   hx-trigger="click from:#reports-tab, session-acad-field-set[isElementByIdActive('reports')] from:body, session-specialty-set[isElementByIdActive('reports')] from:body"
       >
       </div>
     </div>
@@ -125,7 +138,7 @@
     <div class="tab-pane fade" id="comments"
 	 role="tabpanel" aria-labelledby="comments-tab">
       <div hx-get="{% url 'scipost:portal_hx_comments' %}"
-	   hx-trigger="click from:#comments-tab, session-acad-field-set[document.getElementById('comments').classList.contains('active')] from:body, session-specialty-set[document.getElementById('comments').classList.contains('active')] from:body"
+	   hx-trigger="click from:#comments-tab, session-acad-field-set[isElementByIdActive('comments')] from:body, session-specialty-set[isElementByIdActive('comments')] from:body"
       >
       </div>
     </div>
-- 
GitLab