Conversation
* feat: support CSP nonce on dynamically injected style elements Add getNonce() utility that reads CSP nonce from <meta property="csp-nonce"> or __webpack_nonce__, and apply it to <style> elements injected by usePress and usePreventScroll. This fixes CSP violations when a strict style-src directive is in effect. Fixes #8273 * fix: add globalThis ESLint global to getNonce test file The .js test file was missing globalThis in ESLint globals since the TypeScript config block (which declares it) only applies to .ts/.tsx files. This resolves the no-undef lint failure. * fix: use type guard, cache nonce, and add globalThis ESLint global Address review feedback: - Replace type cast with instanceof type guard via getOwnerWindow - Cache nonce result for repeated calls without explicit doc arg - Add globalThis to ESLint globals to fix lint failure * fix: reset nonce cache between tests Add resetNonceCache() export and call it in afterEach to prevent cached values from leaking across test runs. * fix: remove redundant globalThis inline global directive globalThis is already declared in eslint.config.mjs globals, so the /* global globalThis */ comment triggers no-redeclare. * fix: use WeakMap for nonce caching to support multiple documents - Replace module-level cache with WeakMap<Document, string | undefined> so each document gets its own cached nonce (supports iframes) - Remove resetNonceCache from public API (only needed for tests) - Import resetNonceCache directly from source in test file * fix: remove redundant optional chaining and add comprehensive tests Remove unnecessary ?. operators after null guard in getNonce, and add tests for nonce/content priority, caching behavior, cache reset, empty string handling, and content fallback. * fix: check document window for __webpack_nonce__ and don't cache misses Extract getWebpackNonce() helper that checks the document's owning window before falling back to globalThis, supporting iframe scenarios. Only cache defined nonce values so late-arriving nonces are detected. Add tests for no-cache-on-miss, late meta detection, and per-window webpack nonce resolution.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )