From 94b585283c199d75d358875700ffead0d45d8c04 Mon Sep 17 00:00:00 2001
From: "J.-S. Caux" <J.S.Caux@uva.nl>
Date: Mon, 6 May 2019 20:04:14 +0200
Subject: [PATCH] CSP work: move script blocks to static files, or use nonce
---
forums/templates/forums/forum_form.html | 12 ++-----
helpdesk/templates/helpdesk/queue_form.html | 12 ++-----
.../journals/manage_comment_metadata.html | 9 ++----
.../journals/manage_report_metadata.html | 9 ++----
ontology/templates/ontology/_topic_card.html | 2 +-
ontology/templates/ontology/topic_form.html | 12 ++-----
scipost/static/scipost/accordion-focusin.js | 5 +++
.../static/scipost/assignment-request-form.js | 10 ++++++
.../scipost/referee-accept-or-refuse.js | 10 ++++++
scipost/static/scipost/remark-form.js | 11 +++++++
scipost/static/scipost/report-compile.js | 28 ++++++++++++++++
scipost/static/scipost/slugify-name.js | 6 ++++
scipost/static/scipost/submission-form.js | 15 +++++++++
scipost/static/scipost/vet-registration.js | 9 ++++++
scipost/static/scipost/vet-report.js | 10 ++++++
.../scipost/vet_registration_requests.html | 17 +++-------
.../partials/submissions/admin/conflicts.html | 2 +-
.../pool/submission_assignment_request.html | 15 ++-------
.../partials/submissions/remark_form.html | 17 ++--------
.../admin/report_compile_form.html | 32 ++-----------------
.../referee_invitations_decline.html | 20 +++---------
.../submissions/referee_invitations_form.html | 18 +++--------
.../submissions/submission_form.html | 21 ++----------
.../treated_submission_pdf_compile.html | 32 ++-----------------
.../submissions/vet_submitted_report.html | 14 ++------
25 files changed, 142 insertions(+), 206 deletions(-)
create mode 100644 scipost/static/scipost/accordion-focusin.js
create mode 100644 scipost/static/scipost/assignment-request-form.js
create mode 100644 scipost/static/scipost/referee-accept-or-refuse.js
create mode 100644 scipost/static/scipost/remark-form.js
create mode 100644 scipost/static/scipost/report-compile.js
create mode 100644 scipost/static/scipost/slugify-name.js
create mode 100644 scipost/static/scipost/submission-form.js
create mode 100644 scipost/static/scipost/vet-registration.js
create mode 100644 scipost/static/scipost/vet-report.js
diff --git a/forums/templates/forums/forum_form.html b/forums/templates/forums/forum_form.html
index e79540359..4e1feb960 100644
--- a/forums/templates/forums/forum_form.html
+++ b/forums/templates/forums/forum_form.html
@@ -1,18 +1,10 @@
{% extends 'forums/base.html' %}
{% load bootstrap %}
+{% load staticfiles %}
{% block headsup %}
- <script>
- $(document).ready(function() {
-
- $("#id_name").keyup(function() {
- slug_value = this.value.split(" ").join("_");
- $("#id_slug").val(slug_value);
- });
-
- });
- </script>
+ <script type="text/javascript" src="{% static 'scipost/slugify-name.js' %}"></script>
{% endblock headsup %}
{% block breadcrumb_items %}
diff --git a/helpdesk/templates/helpdesk/queue_form.html b/helpdesk/templates/helpdesk/queue_form.html
index 30d20be2f..2ecf9ee0b 100644
--- a/helpdesk/templates/helpdesk/queue_form.html
+++ b/helpdesk/templates/helpdesk/queue_form.html
@@ -1,18 +1,10 @@
{% extends 'helpdesk/base.html' %}
{% load bootstrap %}
+{% load staticfiles %}
{% block headsup %}
- <script>
- $(document).ready(function() {
-
- $("#id_name").keyup(function() {
- slug_value = this.value.split(" ").join("_");
- $("#id_slug").val(slug_value);
- });
-
- });
- </script>
+ <script type="text/javascript" src="{% static 'scipost/slugify-name.js' %}"></script>
{% endblock headsup %}
{% block breadcrumb_items %}
diff --git a/journals/templates/journals/manage_comment_metadata.html b/journals/templates/journals/manage_comment_metadata.html
index 5d4e3e286..1a3078e5b 100644
--- a/journals/templates/journals/manage_comment_metadata.html
+++ b/journals/templates/journals/manage_comment_metadata.html
@@ -3,16 +3,11 @@
{% block pagetitle %}: Manage Comment metadata{% endblock pagetitle %}
{% load bootstrap %}
+{% load staticfiles %}
{% load journals_extras %}
-<script>
- $(function() {
- $( "#accordion" ).accordion({
- event: "focusin"
- });
- });
-</script>
+<script type="text/javascript" src="{% static 'scipost/accordion-focusin.js' %}"></script>
{% block breadcrumb_items %}
{{block.super}}
diff --git a/journals/templates/journals/manage_report_metadata.html b/journals/templates/journals/manage_report_metadata.html
index 4cd784e34..170db85f2 100644
--- a/journals/templates/journals/manage_report_metadata.html
+++ b/journals/templates/journals/manage_report_metadata.html
@@ -3,16 +3,11 @@
{% block pagetitle %}: Manage Report metadata{% endblock pagetitle %}
{% load bootstrap %}
+{% load staticfiles %}
{% load journals_extras %}
-<script>
- $(function() {
- $( "#accordion" ).accordion({
- event: "focusin"
- });
- });
-</script>
+<script type="text/javascript" src="{% static 'scipost/accordion-focusin.js' %}"></script>
{% block breadcrumb_items %}
{{block.super}}
diff --git a/ontology/templates/ontology/_topic_card.html b/ontology/templates/ontology/_topic_card.html
index 82418e56b..360a46aeb 100644
--- a/ontology/templates/ontology/_topic_card.html
+++ b/ontology/templates/ontology/_topic_card.html
@@ -2,7 +2,7 @@
{% load profiles_extras %}
-<script>
+<script type="text/javascript" nonce="{{ request.csp_nonce }}">
$(document).ready(function() {
$("#id_A_text").keyup(function() {
$("#id_B_text").val("{{ topic }}");
diff --git a/ontology/templates/ontology/topic_form.html b/ontology/templates/ontology/topic_form.html
index 9b02a0173..2f2e51487 100644
--- a/ontology/templates/ontology/topic_form.html
+++ b/ontology/templates/ontology/topic_form.html
@@ -1,18 +1,10 @@
{% extends 'ontology/base.html' %}
{% load bootstrap %}
+{% load staticfiles %}
{% block headsup %}
- <script>
- $(document).ready(function() {
-
- $("#id_name").keyup(function() {
- slug_value = this.value.split(" ").join("_");
- $("#id_slug").val(slug_value);
- });
-
- });
- </script>
+ <script type="text/javascript" src="{% static 'scipost/slugify-name.js' %}"></script>
{% endblock headsup %}
{% block breadcrumb_items %}
diff --git a/scipost/static/scipost/accordion-focusin.js b/scipost/static/scipost/accordion-focusin.js
new file mode 100644
index 000000000..af2887dc7
--- /dev/null
+++ b/scipost/static/scipost/accordion-focusin.js
@@ -0,0 +1,5 @@
+$(function() {
+ $( "#accordion" ).accordion({
+ event: "focusin"
+ });
+});
diff --git a/scipost/static/scipost/assignment-request-form.js b/scipost/static/scipost/assignment-request-form.js
new file mode 100644
index 000000000..8e815eb3b
--- /dev/null
+++ b/scipost/static/scipost/assignment-request-form.js
@@ -0,0 +1,10 @@
+$(function() {
+ $('[name="accept"]').on('change', function() {
+ var val = $('[name="accept"]:checked').val();
+ if(val == 'True') {
+ $('#ref_reason').hide();
+ } else {
+ $('#ref_reason').show();
+ }
+ }).trigger('change');
+});
diff --git a/scipost/static/scipost/referee-accept-or-refuse.js b/scipost/static/scipost/referee-accept-or-refuse.js
new file mode 100644
index 000000000..8bd1a0e9e
--- /dev/null
+++ b/scipost/static/scipost/referee-accept-or-refuse.js
@@ -0,0 +1,10 @@
+$(document).ready(function(){
+ $('[name="accept"]').on('change', function() {
+ if($('[name="accept"]:checked').val() == 'False') {
+ $('#id_refusal_reason').parents('.form-group').show();
+ }
+ else {
+ $('#id_refusal_reason').parents('.form-group').hide();
+ }
+ }).trigger('change');
+});
diff --git a/scipost/static/scipost/remark-form.js b/scipost/static/scipost/remark-form.js
new file mode 100644
index 000000000..08ab462c5
--- /dev/null
+++ b/scipost/static/scipost/remark-form.js
@@ -0,0 +1,11 @@
+$(document).ready(function(){
+ $('#ref_reason').hide();
+ $('#id_accept').on('change', function() {
+ if ($('#id_accept_1').is(':checked')) {
+ $('#ref_reason').show();
+ }
+ else {
+ $('#ref_reason').hide();
+ }
+ });
+});
diff --git a/scipost/static/scipost/report-compile.js b/scipost/static/scipost/report-compile.js
new file mode 100644
index 000000000..3984ee3a3
--- /dev/null
+++ b/scipost/static/scipost/report-compile.js
@@ -0,0 +1,28 @@
+jQuery.fn.selectText = function(){
+ this.find('input').each(function() {
+ if($(this).prev().length == 0 || !$(this).prev().hasClass('p_copy')) {
+ $('<p class="p_copy" style="position: absolute; z-index: -1;"></p>').insertBefore($(this));
+ }
+ $(this).prev().html($(this).val());
+ });
+ var doc = document;
+ var element = this[0];
+
+ if (doc.body.createTextRange) {
+ var range = document.body.createTextRange();
+ range.moveToElementText(element);
+ range.select();
+ } else if (window.getSelection) {
+ var selection = window.getSelection();
+ var range = document.createRange();
+ range.selectNodeContents(element);
+ selection.removeAllRanges();
+ selection.addRange(range);
+ }
+};
+
+$(function() {
+ $('.clickfocus').on('click', function() {
+ $(this).find('code').selectText();
+ });
+});
diff --git a/scipost/static/scipost/slugify-name.js b/scipost/static/scipost/slugify-name.js
new file mode 100644
index 000000000..21abef48e
--- /dev/null
+++ b/scipost/static/scipost/slugify-name.js
@@ -0,0 +1,6 @@
+$(document).ready(function() {
+ $("#id_name").keyup(function() {
+ slug_value = this.value.split(" ").join("_");
+ $("#id_slug").val(slug_value);
+ });
+});
diff --git a/scipost/static/scipost/submission-form.js b/scipost/static/scipost/submission-form.js
new file mode 100644
index 000000000..bd36b328a
--- /dev/null
+++ b/scipost/static/scipost/submission-form.js
@@ -0,0 +1,15 @@
+$(document).ready(function(){
+ $('select#id_submitted_to').on('change', function (){
+ var selection = $(this).val();
+ $("#id_proceedings, #id_submission_type").parents('.form-group').hide()
+
+ switch(selection){
+ case "{{ id_SciPostPhys }}":
+ $("#id_submission_type").parents('.form-group').show()
+ break;
+ case "{{ id_SciPostPhysProc }}":
+ $("#id_proceedings").parents('.form-group').show()
+ break;
+ }
+ }).trigger('change');
+});
diff --git a/scipost/static/scipost/vet-registration.js b/scipost/static/scipost/vet-registration.js
new file mode 100644
index 000000000..ba4d279b3
--- /dev/null
+++ b/scipost/static/scipost/vet-registration.js
@@ -0,0 +1,9 @@
+$(function() {
+ $('[name="decision"]').on('click change', function(){
+ if($(this).filter(':checked').val() == 'False') {
+ $('#id_refusal_reason, #id_email_response_field').parents('.form-group').show();
+ } else {
+ $('#id_refusal_reason, #id_email_response_field').parents('.form-group').hide();
+ }
+ }).trigger('change');
+});
diff --git a/scipost/static/scipost/vet-report.js b/scipost/static/scipost/vet-report.js
new file mode 100644
index 000000000..9acf74c10
--- /dev/null
+++ b/scipost/static/scipost/vet-report.js
@@ -0,0 +1,10 @@
+$(document).ready(function(){
+ $('[name="action_option"]').on('change', function() {
+ if ($('[name="action_option"][value="refuse"]').is(':checked')) {
+ $('#refusal').show();
+ }
+ else {
+ $('#refusal').hide();
+ }
+ }).trigger('change');
+});
diff --git a/scipost/templates/scipost/vet_registration_requests.html b/scipost/templates/scipost/vet_registration_requests.html
index 8f8bc98af..ae1eaa7bd 100644
--- a/scipost/templates/scipost/vet_registration_requests.html
+++ b/scipost/templates/scipost/vet_registration_requests.html
@@ -3,6 +3,11 @@
{% block pagetitle %}: registrations to vet{% endblock pagetitle %}
{% load bootstrap %}
+{% load staticfiles %}
+
+{% block headsup %}
+ <script type="text/javascript" src="{% static 'scipost/vet-registration.js' %}"></script>
+{% endblock %}
{% block breadcrumb_items %}
{{block.super}}
@@ -11,18 +16,6 @@
{% block content %}
- <script>
- $(function() {
- $('[name="decision"]').on('click change', function(){
- if($(this).filter(':checked').val() == 'False') {
- $('#id_refusal_reason, #id_email_response_field').parents('.form-group').show();
- } else {
- $('#id_refusal_reason, #id_email_response_field').parents('.form-group').hide();
- }
- }).trigger('change');
- });
- </script>
-
<div class="row">
<div class="col-12">
<div class="card bg-light">
diff --git a/submissions/templates/partials/submissions/admin/conflicts.html b/submissions/templates/partials/submissions/admin/conflicts.html
index 9e8938381..517fc6608 100644
--- a/submissions/templates/partials/submissions/admin/conflicts.html
+++ b/submissions/templates/partials/submissions/admin/conflicts.html
@@ -40,7 +40,7 @@
{% block footer_script %}
- <script>
+ <script type="text/javascript" nonce="{{ request.csp_nonce }}">
function csrfSafeMethod(method) {
// these HTTP methods do not require CSRF protection
return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
diff --git a/submissions/templates/partials/submissions/pool/submission_assignment_request.html b/submissions/templates/partials/submissions/pool/submission_assignment_request.html
index 251022352..09adc7075 100644
--- a/submissions/templates/partials/submissions/pool/submission_assignment_request.html
+++ b/submissions/templates/partials/submissions/pool/submission_assignment_request.html
@@ -1,5 +1,5 @@
{% load bootstrap %}
-
+{% load staticfiles %}
{% include 'partials/submissions/submission_summary.html' with submission=assignment.submission show_abstract=1 %}
@@ -23,15 +23,4 @@
</form>
-<script>
- $(function() {
- $('[name="accept"]').on('change', function() {
- var val = $('[name="accept"]:checked').val();
- if(val == 'True') {
- $('#ref_reason').hide();
- } else {
- $('#ref_reason').show();
- }
- }).trigger('change');
- });
-</script>
+<script type="text/javascript" src="{% static 'scipost/assignment-request-form.js' %}"></script>
diff --git a/submissions/templates/partials/submissions/remark_form.html b/submissions/templates/partials/submissions/remark_form.html
index c4cf21691..a4da8a7fe 100644
--- a/submissions/templates/partials/submissions/remark_form.html
+++ b/submissions/templates/partials/submissions/remark_form.html
@@ -1,20 +1,7 @@
{% load bootstrap %}
+{% load staticfiles %}
-<script>
- $(document).ready(function(){
- $('#ref_reason').hide();
-
- $('#id_accept').on('change', function() {
- if ($('#id_accept_1').is(':checked')) {
- $('#ref_reason').show();
- }
- else {
- $('#ref_reason').hide();
- }
- });
-
- });
-</script>
+<script type="text/javascript" src="{% static 'scipost/remark-form.js' %}"></script>
{% if auto_show %}
<form action="{% url 'submissions:add_remark' submission.preprint.identifier_w_vn_nr %}" method="post" class="pb-2">
diff --git a/submissions/templates/submissions/admin/report_compile_form.html b/submissions/templates/submissions/admin/report_compile_form.html
index 5db804257..a3b602637 100644
--- a/submissions/templates/submissions/admin/report_compile_form.html
+++ b/submissions/templates/submissions/admin/report_compile_form.html
@@ -3,6 +3,7 @@
{% block pagetitle %}: Upload Report PDF{% endblock pagetitle %}
{% load bootstrap %}
+{% load staticfiles %}
{% block breadcrumb_items %}
{{block.super}}
@@ -40,35 +41,6 @@
</div>
</div>
- <script>
- jQuery.fn.selectText = function(){
- this.find('input').each(function() {
- if($(this).prev().length == 0 || !$(this).prev().hasClass('p_copy')) {
- $('<p class="p_copy" style="position: absolute; z-index: -1;"></p>').insertBefore($(this));
- }
- $(this).prev().html($(this).val());
- });
- var doc = document;
- var element = this[0];
-
- if (doc.body.createTextRange) {
- var range = document.body.createTextRange();
- range.moveToElementText(element);
- range.select();
- } else if (window.getSelection) {
- var selection = window.getSelection();
- var range = document.createRange();
- range.selectNodeContents(element);
- selection.removeAllRanges();
- selection.addRange(range);
- }
- };
-
- $(function() {
- $('.clickfocus').on('click', function() {
- $(this).find('code').selectText();
- });
- });
- </script>
+ <script type="text/javascript" src="{% static 'scipost/report-compile.js' %}"></script>
{% endblock %}
diff --git a/submissions/templates/submissions/referee_invitations_decline.html b/submissions/templates/submissions/referee_invitations_decline.html
index ae19ee5a4..7c9858390 100644
--- a/submissions/templates/submissions/referee_invitations_decline.html
+++ b/submissions/templates/submissions/referee_invitations_decline.html
@@ -3,23 +3,13 @@
{% block pagetitle %}: decline refereeing invitation{% endblock pagetitle %}
{% load bootstrap %}
+{% load staticfiles %}
-{% block content %}
-
- <script>
- $(document).ready(function(){
-
- $('[name="accept"]').on('change', function() {
- if($('[name="accept"]:checked').val() == 'False') {
- $('#id_refusal_reason').parents('.form-group').show();
- }
- else {
- $('#id_refusal_reason').parents('.form-group').hide();
- }
- }).trigger('change');
- });
- </script>
+{% block headsup %}
+ <script type="text/javascript" src="{% static 'scipost/referee-accept-or-refuse.js' %}"></script>
+{% endblock %}
+{% block content %}
<div class="row">
<div class="col-12">
diff --git a/submissions/templates/submissions/referee_invitations_form.html b/submissions/templates/submissions/referee_invitations_form.html
index c21e95377..77fdacf69 100644
--- a/submissions/templates/submissions/referee_invitations_form.html
+++ b/submissions/templates/submissions/referee_invitations_form.html
@@ -3,7 +3,11 @@
{% block pagetitle %}: accept or decline refereeing invitations{% endblock pagetitle %}
{% load bootstrap %}
+{% load staticfiles %}
+{% block headsup %}
+ <script type="text/javascript" src="{% static 'scipost/referee-accept-or-refuse.js' %}"></script>
+{% endblock %}
{% block breadcrumb_items %}
{{ block.super }}
@@ -12,20 +16,6 @@
{% block content %}
- <script>
- $(document).ready(function(){
- $('[name="accept"]').on('change', function() {
- if($('[name="accept"]:checked').val() == 'False') {
- $('#id_refusal_reason').parents('.form-group').show();
- }
- else {
- $('#id_refusal_reason').parents('.form-group').hide();
- }
- }).trigger('change');
- });
- </script>
-
-
{% if not invitation %}
<div class="row">
<div class="col-12">
diff --git a/submissions/templates/submissions/submission_form.html b/submissions/templates/submissions/submission_form.html
index c328c5429..32c1b4c02 100644
--- a/submissions/templates/submissions/submission_form.html
+++ b/submissions/templates/submissions/submission_form.html
@@ -3,6 +3,7 @@
{% block pagetitle %}: submit manuscript{% endblock pagetitle %}
{% load bootstrap %}
+{% load staticfiles %}
{% block breadcrumb_items %}
{{ block.super }}
@@ -10,25 +11,7 @@
{% endblock %}
{% block footer_script %}
- <script>
-
- $(document).ready(function(){
-
- $('select#id_submitted_to').on('change', function (){
- var selection = $(this).val();
- $("#id_proceedings, #id_submission_type").parents('.form-group').hide()
-
- switch(selection){
- case "{{ id_SciPostPhys }}":
- $("#id_submission_type").parents('.form-group').show()
- break;
- case "{{ id_SciPostPhysProc }}":
- $("#id_proceedings").parents('.form-group').show()
- break;
- }
- }).trigger('change');
- });
- </script>
+ <script type="text/javascript" src="{% static 'scipost/submission-form.js' %}"></script>
{% endblock %}
{% block content %}
diff --git a/submissions/templates/submissions/treated_submission_pdf_compile.html b/submissions/templates/submissions/treated_submission_pdf_compile.html
index e4da94d6f..2a4e15693 100644
--- a/submissions/templates/submissions/treated_submission_pdf_compile.html
+++ b/submissions/templates/submissions/treated_submission_pdf_compile.html
@@ -3,6 +3,7 @@
{% block pagetitle %}: Upload Submission Refereeing PDF{% endblock pagetitle %}
{% load bootstrap %}
+{% load staticfiles %}
{% block breadcrumb_items %}
{{block.super}}
@@ -49,35 +50,6 @@
</div>
</div>
- <script>
- jQuery.fn.selectText = function(){
- this.find('input').each(function() {
- if($(this).prev().length == 0 || !$(this).prev().hasClass('p_copy')) {
- $('<p class="p_copy" style="position: absolute; z-index: -1;"></p>').insertBefore($(this));
- }
- $(this).prev().html($(this).val());
- });
- var doc = document;
- var element = this[0];
-
- if (doc.body.createTextRange) {
- var range = document.body.createTextRange();
- range.moveToElementText(element);
- range.select();
- } else if (window.getSelection) {
- var selection = window.getSelection();
- var range = document.createRange();
- range.selectNodeContents(element);
- selection.removeAllRanges();
- selection.addRange(range);
- }
- };
-
- $(function() {
- $('.clickfocus').on('click', function() {
- $(this).find('code').selectText();
- });
- });
- </script>
+ <script type="text/javascript" src="{% static 'scipost/report-compile.js' %}"></script>
{% endblock %}
diff --git a/submissions/templates/submissions/vet_submitted_report.html b/submissions/templates/submissions/vet_submitted_report.html
index f0cc83be9..1f36bdc83 100644
--- a/submissions/templates/submissions/vet_submitted_report.html
+++ b/submissions/templates/submissions/vet_submitted_report.html
@@ -3,20 +3,10 @@
{% block pagetitle %}: vet reports{% endblock pagetitle %}
{% load bootstrap %}
+{% load staticfiles %}
{% block headsup %}
- <script>
- $(document).ready(function(){
- $('[name="action_option"]').on('change', function() {
- if ($('[name="action_option"][value="refuse"]').is(':checked')) {
- $('#refusal').show();
- }
- else {
- $('#refusal').hide();
- }
- }).trigger('change');
- });
- </script>
+ <script type="text/javascript" src="{% static 'scipost/vet-report.js' %}"></script>
{% endblock headsup %}
{% block breadcrumb_items %}
--
GitLab