
Add link to github

marcomontalbano committed Nov 4, 2019
1 parent 154ac25 commit bccaf987dcb7490e259c9e316fa4fa1bd4ebde65
Showing with 17 additions and 8 deletions.
  1. +13 −3 index.hbs
  2. +3 −0 jscode.js
  3. +1 −5 server.js
@@ -4,14 +4,24 @@

<link rel="stylesheet" href="//cdn.jsdelivr.net/gh/highlightjs/cdn-release@9.16.2/build/styles/atom-one-dark.min.css">

<script nonce="{{ nonce }}">alert('Hi from "nonce" script!')</script>
<script>alert('Loaded from a "non-nonce" script!')</script>
<script nonce="{{ nonce }}">console.log('Hi from "nonce" script!');</script>
<script>console.log('Hi from "non-nonce" script!');</script>

</head>
<body>

<p>Hello World!</p>
<h1><code>nonce</code></h1>
<p>Open the developer tool on console panel and reload the page.</p>

{{#if nonce}}
<code>Content Security Policy (CSP)</code> is set. <a href="/">try without it</a>
{{else}}
<code>Content Security Policy (CSP)</code> is not set. <a href="/nonce">try with it</a>
{{/if}}

<pre><code class="hljs javascript">{{{ jscode }}}</code></pre>

<a href="https://github.com/marcomontalbano/test-nonce">GitHub</a>

</body>
</html>
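Review bot: The `{{{ jscode }}}` line inside the `<pre>` block writes its value without Handlebars escaping, and nothing in the template says why that is acceptable. From the server.js section of this commit, the value is highlight.js output built from a file in the repository, so the markup is trusted today; that stops holding if the highlighted source ever comes from a request. I would add a template comment directly above it, `{{!-- jscode is highlight.js HTML generated from ./jscode.js; keep the triple-stash only while that input is a repo file --}}`. The rendered page has lost its `+`/`-` markers, so this line may be context rather than new.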
@@ -0,0 +1,3 @@
var scriptElement = document.createElement('script');
scriptElement.innerHTML = 'alert("Hi everyone!")';
document.body.append(scriptElement);
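Review bot: `scriptElement.innerHTML = ...` sets the script's source through the HTML setter, where `textContent` is the plainer choice for a script element and keeps the displayed example from teaching an `innerHTML` habit: `scriptElement.textContent = 'alert("Hi everyone!")';`. The snippet also still calls `alert`, while index.hbs in this same commit moved its inline scripts to `console.log`, so the example and the page no longer match. As far as the visible lines show, this file is only read and highlighted by server.js and never executed. A leading comment such as `// Injected without a nonce: check the console to see whether the /nonce policy lets it run` would tell readers what to look for; the policy directives themselves are outside this page.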
@@ -19,11 +19,7 @@ app.use('/nonce', require('helmet-csp')({

app.get('/|/nonce', function (req, res) {
const render = handlebars.compile(fs.readFileSync('./index.hbs', 'utf8'));
const jscode = highlightedCode = hljs.highlightAuto(`
var scriptElement = document.createElement('script');
scriptElement.innerHTML = 'alert("Hi everyone!")';
document.body.append(scriptElement);
`).value;
const jscode = hljs.highlightAuto(fs.readFileSync('./jscode.js', 'utf8')).value;

res.send(render({ nonce: res.locals.nonce, jscode }));
})
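Review bot: The new `fs.readFileSync('./jscode.js', 'utf8')` sits inside the route handler, so every request to `/` or `/nonce` does a blocking disk read and re-highlights a file that does not change between requests. The relative path also resolves against the process working directory, so starting the server from another directory makes the read throw inside the handler. Hoisting the line above `app.get` and anchoring the path fixes both: `const jscode = hljs.highlightAuto(fs.readFileSync(path.join(__dirname, 'jscode.js'), 'utf8')).value;` (this assumes `path` is required at the top of the file, which is outside the hunk). The `index.hbs` read and `handlebars.compile` call on the line above have the same per-request cost and the same working-directory dependence.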
