luciano/htmgo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add CSP nonce. Resolves: #69

Browse source
This commit is contained in:
rafaelDev0ps 2025-01-14 21:32:18 -03:00
parent 66b6dfffd3
commit 3a23e7e566
2 changed files with 11 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
framework/h/render.go
View file

@ -20,6 +20,12 @@ func WithDocType() RenderOpt {
} }
} }
func WithNonce(nonce string) RenderOpt {
return func(context *RenderContext, opt *RenderOptions) {
context.nonce = nonce
}
}
// Render renders the given node recursively, and returns the resulting string. // Render renders the given node recursively, and returns the resulting string.
func Render(node Ren, opts ...RenderOpt) string { func Render(node Ren, opts ...RenderOpt) string {
builder := &strings.Builder{} builder := &strings.Builder{}

8
framework/h/renderer.go
View file

@ -2,10 +2,11 @@ package h
import ( import (
"fmt" "fmt"
"github.com/maddalax/htmgo/framework/hx"
"html" "html"
"html/template" "html/template"
"strings" "strings"
"github.com/maddalax/htmgo/framework/hx"
) )
type CustomElement = string type CustomElement = string
@ -44,16 +45,17 @@ type RenderContext struct {
builder *strings.Builder builder *strings.Builder
scripts []ScriptEntry scripts []ScriptEntry
currentElement *Element currentElement *Element
nonce string
} }
func (ctx *RenderContext) AddScript(funcName string, body string) { func (ctx *RenderContext) AddScript(funcName string, body string) {
script := fmt.Sprintf(` script := fmt.Sprintf(`
<script id="%s"> <script id="%s" nonce="%s">
function %s(self, event) { function %s(self, event) {
let e = event; let e = event;
%s %s
} }
</script>`, funcName, funcName, body) </script>`, funcName, ctx.nonce, funcName, body)
ctx.scripts = append(ctx.scripts, ScriptEntry{ ctx.scripts = append(ctx.scripts, ScriptEntry{
Body: script, Body: script,