[GEOS-11379] Refactor inline JavaScript in the OGC API modules #7587
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR moves the inline JavaScript in all of the OGC API community modules into external files. This PR is related to Content-Security-Policy work for GeoServer 2.26.0 and should NOT be backported.
All Java inputs that were previously written directly into the script tag are now written to hidden input fields that the external JavaScript file will read. Enabling HTML escaping was necessary to not introduce new vulnerabilities with this PR but that also required changing how the pagecrumbs are initialized everywhere.
This PR uses the new webresources path added to gs-main by #7554 which does not affect unit tests but is required if attempting to manually run GeoServer with these changes.
Checklist
main
branch (backports managed later; ignore for branch specific issues).For core and extension modules:
[GEOS-XYZWV] Title of the Jira ticket
.