Fixed inline script rejected by CSP in some instances (#drawio-nextcl…

…oud-69)
jgraph · Jan 2, 2024 · 600b23e · 600b23e · davidjgraph · Jan 9, 2024
1 parent abfb97b
commit 600b23e
Show file tree

Hide file tree

Showing 3 changed files with 56 additions and 44 deletions.
diff --git a/js/editor.js b/js/editor.js
diff --git a/src/editor.js b/src/editor.js
@@ -202,7 +202,7 @@ import '@nextcloud/dialogs/dist/index.css'
 
     OCA.DrawIO.EditFile = function (editWindow, origin, autosave, isWB, previews, configObj) 
     {
-        var autosaveEnabled = autosave === 'yes';
+        var autosaveEnabled = autosave;
         var fileId = $('#iframeEditor').data('id');
         var shareToken = $('#iframeEditor').data('sharetoken');
         var currentFile = null;
@@ -496,3 +496,51 @@ import '@nextcloud/dialogs/dist/index.css'
     };
 
 })(OCA);
+
+$(function () {
+    var drawioData = JSON.parse(atob($('#drawioData').text()));
+
+    if (drawioData['error'])
+    {
+        OCA.DrawIO.DisplayError(drawioData['error']);
+    }
+    else
+    {
+        var iframe = document.getElementById('iframeEditor');
+        var originUrl = drawioData['drawioUrl'];
+        var drawIoUrl = drawioData['drawioUrl'] + drawioData['frame_params'];
+        var autosave = drawioData['finalAutosave'] == 'yes';
+        var isWB = drawioData['isWB'] == 'true';
+        var previews = drawioData['drawioPreviews'] == 'yes';
+
+        if (drawioData['drawioDarkMode'] == 'auto')
+        {
+            try
+            {
+                var darkMode = window.matchMedia && window.matchMedia('(prefers-color-scheme: dark)').matches;
+                var themeName = OCA.Theming.enabledThemes[0];
+
+                if ((!themeName || themeName === 'default') && darkMode)
+                {
+                    drawIoUrl += '&dark=1';
+                }
+                else if (themeName && themeName.indexOf('dark') !== -1)
+                {
+                    drawIoUrl += '&dark=1';
+                }
+            }
+            catch (e){}
+        }
+
+        var config = {};
+
+        try
+        {
+            config = JSON.parse(drawioData['drawioConfig']);
+        }
+        catch (e){}
+
+        OCA.DrawIO.EditFile(iframe.contentWindow, originUrl, autosave, isWB, previews, config);
+        iframe.setAttribute('src', drawIoUrl);
+    }
+});
diff --git a/templates/editor.php b/templates/editor.php
@@ -32,50 +32,14 @@
     }
 
     $frame_params .= "&spin=1&proto=json&p=nxtcld&keepmodified=1";
+
+    $_["frame_params"] = $frame_params;
+    $_["finalAutosave"] = $finalAutosave;
+
+    $drawioData = base64_encode(json_encode($_));
 ?>
 
 <div id="app-content">
-
     <iframe id="iframeEditor" data-id="<?php p($_["fileId"]) ?>" data-sharetoken="<?php p($_["shareToken"]) ?>" width="100%" height="100%" align="top" frameborder="0" name="iframeEditor" onmousewheel="" allowfullscreen=""></iframe>
-
-    <script type="text/javascript" nonce="<?php p(base64_encode($_["requesttoken"])) ?>" defer>
-        window.addEventListener('DOMContentLoaded', function() {
-            <?php if (!empty($_['error'])) { ?>
-                OCA.DrawIO.DisplayError("<?php p($_['error']) ?>");
-            <?php } else { ?>
-                var iframe = document.getElementById("iframeEditor");
-                var originUrl = "<?php p($_['drawioUrl']); ?>";
-                var drawIoUrl = "<?php p($_['drawioUrl']); print_unescaped($frame_params); ?>"
-                var autosave = "<?php p($finalAutosave); ?>";
-                var isWB = <?php p($_['isWB']); ?>;
-                var previews = <?php p($_['drawioPreviews'] == 'yes'? 'true' : 'false'); ?>;
-
-                <?php if ($_["drawioDarkMode"] == "auto") { ?>
-                    try
-                    {
-                        var darkMode = window.matchMedia && window.matchMedia('(prefers-color-scheme: dark)').matches;
-                        var themeName = OCA.Theming.enabledThemes[0];
-
-                        if ((!themeName || themeName === 'default') && darkMode)
-                        {
-                            drawIoUrl += '&dark=1';
-                        }
-                        else if (themeName && themeName.indexOf('dark') !== -1)
-                        {
-                            drawIoUrl += '&dark=1';
-                        }
-                    }
-                    catch (e){}
-                <?php } ?>
-                var config = {};
-                try
-                {
-                    config = JSON.parse('<?php print_unescaped(str_replace("'", "\\'", $_["drawioConfig"])); ?>');
-                }
-                catch (e){}
-                OCA.DrawIO.EditFile(iframe.contentWindow, originUrl, autosave, isWB, previews, config);
-                iframe.setAttribute('src', drawIoUrl);
-            <?php } ?>
-        });
-    </script>
+    <div style="display: none" id="drawioData"><?php print_unescaped($drawioData) ?></div>
 </div>