[fix] oscar theme, remove inline style attributes (CSP compliants)

Inline styles are blocked by default with Content Security Policy (CSP). Move the rest of inline styles to CSS and correct the HTML template of the oscar preference page. Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
searx · May 15, 2020 · ad20837 · ad20837
1 parent 4954e56
commit ad20837
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 12 deletions.
diff --git a/searx/static/themes/oscar/less/logicodev/preferences.less b/searx/static/themes/oscar/less/logicodev/preferences.less
@@ -1,3 +1,15 @@
 .table > tbody > tr > td, .table > tbody > tr > th {
     vertical-align: middle !important;
 }
+
+.nav-tabs.nav-justified{
+  margin-bottom: 20px;
+}
+
+p {
+    margin: 10px 0;
+}
+
+input.cursor-text {
+    margin: 10px 0;
+}
diff --git a/searx/templates/oscar/preferences.html b/searx/templates/oscar/preferences.html
@@ -9,7 +9,7 @@ <h1>{{ _('Preferences') }}</h1>
     <form method="post" action="{{ url_for('preferences') }}" id="search_form">
 
         <!-- Nav tabs -->
-        <ul class="nav nav-tabs nav-justified hide_if_nojs" role="tablist" style="margin-bottom:20px;">
+        <ul class="nav nav-tabs nav-justified hide_if_nojs" role="tablist">
           <li class="active"><a href="#tab_general" role="tab" data-toggle="tab">{{ _('General') }}</a></li>
           <li><a href="#tab_engine" role="tab" data-toggle="tab">{{ _('Engines') }}</a></li>
           <li><a href="#tab_plugins" role="tab" data-toggle="tab">{{ _('Plugins') }}</a></li>
@@ -143,7 +143,7 @@ <h3>{{ _('General') }}</h3>
             <div class="tab-pane active_if_nojs" id="tab_engine">
 
                 <!-- Nav tabs -->
-                <ul class="nav nav-tabs nav-justified hide_if_nojs" role="tablist" style="margin-bottom:20px;">
+                <ul class="nav nav-tabs nav-justified hide_if_nojs" role="tablist">
                     {% for categ in all_categories %}
                     <li{% if loop.first %} class="active"{% endif %}><a href="#tab_engine_{{ categ|replace(' ', '_') }}" role="tab" data-toggle="tab">{{ _(categ) }}</a></li>
                     {% endfor %}
@@ -251,7 +251,7 @@ <h3 class="panel-title">{{ _(plugin.name) }}</h3>
                 <noscript>
                     <h3>{{ _('Answerers') }}</h3>
                 </noscript>
-                <p class="text-muted" style="margin:20px 0;">
+                <p class="text-muted">
                     {{ _('This is the list of searx\'s instant answering modules.') }}
                 </p>
                 <table class="table table-striped">
@@ -278,20 +278,20 @@ <h3>{{ _('Answerers') }}</h3>
                 <noscript>
                     <h3>{{ _('Cookies') }}</h3>
                 </noscript>
-                <p class="text-muted" style="margin:20px 0;">
+                <p class="text-muted">
                     {{ _('This is the list of cookies and their values searx is storing on your computer.') }}<br />
                     {{ _('With that list, you can assess searx transparency.') }}<br />
                 </p>
                 {% if cookies %}
                 <table class="table table-striped">
                     <tr>
-                        <th class="text-muted" style="padding-right:40px;">{{ _('Cookie name') }}</th>
+                        <th class="text-muted">{{ _('Cookie name') }}</th>
                         <th class="text-muted">{{ _('Value') }}</th>
                     </tr>
 
                     {% for cookie in cookies %}
                     <tr>
-                        <td class="text-muted" style="padding-right:40px;">{{ cookie }}</td>
+                        <td class="text-muted">{{ cookie }}</td>
                         <td class="text-muted">{{ cookies[cookie] }}</td>
                     </tr>
                     {% endfor %}
@@ -301,17 +301,23 @@ <h3>{{ _('Cookies') }}</h3>
                 {% endif %}
             </div>
         </div>
-        <p class="text-muted" style="margin:20px 0;">{{ _('These settings are stored in your cookies, this allows us not to store this data about you.') }}
-        <br />
-        {{ _("These cookies serve your sole convenience, we don't use these cookies to track you.") }}
+
+	<p class="text-muted">
+	  {{ _('These settings are stored in your cookies, this allows us not to store this data about you.') }}
+          {{ _("These cookies serve your sole convenience, we don't use these cookies to track you.") }}
         </p>
-        <p style="margin:20px 0;">{{ _('Search URL of the currently saved preferences') }} <small class="text-muted">({{ _('Note: specifying custom settings in the search URL can reduce privacy by leaking data to the clicked result sites.') }})</small>:<br/>
-          <input readonly="" class="form-control select-all-on-click cursor-text" type="url" value="{{ url_for('index', _external=True) }}?preferences={{ preferences_url_params|e }}{% raw %}&amp;q=%s{% endraw %}">
+
+        <p>
+	  {{ _('Search URL of the currently saved preferences') }}
+	  <small class="text-muted">({{ _('Note: specifying custom settings in the search URL can reduce privacy by leaking data to the clicked result sites.') }})</small>:
         </p>
 
-        <input type="submit" class="btn btn-primary" value="{{ _('save') }}" />
+	<div class="tab-pane">
+          <input readonly="" class="form-control select-all-on-click cursor-text" type="url" value="{{ url_for('index', _external=True) }}?preferences={{ preferences_url_params|e }}{% raw %}&amp;q=%s{% endraw %}">
+          <input type="submit" class="btn btn-primary" value="{{ _('save') }}" />
         <a href="{{ url_for('index') }}"><div class="btn btn-default">{{ _('back') }}</div></a>
         <a href="{{ url_for('clear_cookies') }}"><div class="btn btn-default">{{ _('Reset defaults') }}</div></a>
+	</div>
     </form>
 </div>
 {% endblock %}