pagy_nav_bootstrap_responsive and CSP unsafe-inline #52
Hi @Bahanix. Yeah, the inline script may be a little brutal, I know :) Of course your PR would be welcome! However, please, keep in mind these 2 concepts:

If you have different possible alternatives about how to implement it, please, feel free to discuss it in the chat in advance. Thanks!

What about using a

Actually, the only advantage of a We could create a

```js
window.addEventListener("turbolinks:load", PagyReponsiveLoad)
```

That will break the current implementation and require writing an extra line, but it would be quite easy to use. Waiting for your PR ;)

My WIP: Bahanix@dc0f24e I had to replace a lot of single quotes and double quotes since valid JSON needs double quotes for strings and keys to be parsed through For testing purposes, I am writing the JS part in my app before adding it in Pagy:

```js
Array.from(document.getElementsByClassName("pagy-responsive")).forEach(function(pagination) {
  PagyResponsive.apply(null, JSON.parse(pagination.innerHTML));
});
```

Note that So, it correctly triggers the Pagy render method on resize, but it does nothing. At this point I had no idea why, so I disabled CSP to give it a try without my WIP. It doesn't work, because my JS is included in the bottom of my So, still for testing purposes, I moved my

@Bahanix I am using the

```js
Pagy.init = function(){
  // one pass per extra: find its JSON elements and call the matching Pagy function
  ['compact', 'items', 'responsive'].forEach(function(name){
    Array.from(document.getElementsByClassName("pagy-"+name)).forEach(function(json) {
      Pagy[name].apply(null, JSON.parse(json.innerHTML))
    })
  })
};
```

I will push to

@Bahanix please, try the

@ddnexus it works perfectly!

Great then. Thanks.

…ty (#52):
- removed inline scripts from all extras
- one single pagy.js file shared among all the extras
- the Pagy.init function should be executed at document load
- updated tests and docs

Co-authored-by: Giulien Grillot <julien.grillot@gmail.com>

Hello, using `pagy_nav_responsive` or `pagy_nav_bootstrap_responsive`, I got this CSP error because of an inline `<script>` injected in the view:

A way to fix without introducing the `inline-safe` vulnerability would be to replace these `<script>` (eg. here) by something like:

So one can process them in the main JS, eg:

Is that something Pagy may want? Do I try a PR?

Thanks!
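
The pattern this issue asks for and the thread settles on (JSON payloads read by one external script instead of inline `<script>` code), as an added example that is not Pagy's own code. Only the three `pagy-*` class names and the `JSON.parse` plus `apply` dispatch come from the thread; the `application/json` script element, the `jsonForHtml` escaping helper, the use of `textContent` and the stand-in document are assumptions.

```javascript
// Added example. jsonForHtml, renderTag, init and demo are hypothetical names.

// Serialise so the payload cannot end the element early: "<", ">", "&" and
// U+2028/2029 become \uXXXX escapes, which JSON.parse decodes back.
function jsonForHtml(value) {
  return JSON.stringify(value).replace(/[<>&\u2028\u2029]/g, function (c) {
    return "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0");
  });
}

// View side: emit data, not code. Assumption: a script element with a
// non-JavaScript type carries the JSON; browsers do not execute it.
function renderTag(name, args) {
  return '<script type="application/json" class="pagy-' + name + '">' +
    jsonForHtml(args) + "</script>";
}

// External file side, same shape as the Pagy.init in the thread, plus checks:
// unparseable or non-array payloads are skipped instead of applied.
function init(doc, handlers) {
  let applied = 0;
  ["compact", "items", "responsive"].forEach(function (name) {
    Array.from(doc.getElementsByClassName("pagy-" + name)).forEach(function (el) {
      let args;
      try { args = JSON.parse(el.textContent); } catch (e) { return; }
      if (!Array.isArray(args) || typeof handlers[name] !== "function") return;
      handlers[name].apply(null, args);
      applied += 1;
    });
  });
  return applied;
}

// Constructed sample input, with a minimal stand-in for `document` so the
// example also runs under Node.
function demo() {
  const hostile = "</script><script>/*constructed*/";
  const tag = renderTag("responsive", ["pagy-nav-1", { "0": hostile }]);
  const body = tag.slice(tag.indexOf(">") + 1, tag.lastIndexOf("</script>"));
  const doc = { getElementsByClassName: function (cls) {
    return cls === "pagy-responsive" ? [{ textContent: body }, { textContent: "{oops" }] : [];
  } };
  const seen = [];
  const applied = init(doc, { responsive: function (id, tags) { seen.push([id, tags["0"]]); } });
  return { tag: tag, applied: applied, seen: seen };
}
```

With this in place the page can be served with a `script-src` policy that omits `'unsafe-inline'`, and `init(document, handlers)` is called from the external file once the document has loaded.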