From dace0671c2517b1e945b09738bec3915a6e76ce3 Mon Sep 17 00:00:00 2001
From: shortcutme <tamas@zeronet.io>
Date: Mon, 26 Nov 2018 00:18:46 +0100
Subject: [PATCH] Add script nonce for Multiuser notification script inject

---
 plugins/disabled-Multiuser/MultiuserPlugin.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/plugins/disabled-Multiuser/MultiuserPlugin.py b/plugins/disabled-Multiuser/MultiuserPlugin.py
index 8e4a32f2..8153ccb7 100644
--- a/plugins/disabled-Multiuser/MultiuserPlugin.py
+++ b/plugins/disabled-Multiuser/MultiuserPlugin.py
@@ -62,7 +62,7 @@ class UiRequestPlugin(object):
             back = back_generator.next()
             inject_html = """
                 <!-- Multiser plugin -->
-                <script>
+                <script nonce="{script_nonce}">
                  setTimeout(function() {
                     zeroframe.cmd("wrapperNotification", ["done", "{message}<br><small>You have been logged in successfully</small>", 5000])
                  }, 1000)
@@ -75,6 +75,7 @@ class UiRequestPlugin(object):
             else:
                 message = "Hello again!"
             inject_html = inject_html.replace("{message}", message)
+            inject_html = inject_html.replace("{script_nonce}", self.getScriptNonce())
             return iter([re.sub("</body>\s*</html>\s*$", inject_html, back)])  # Replace the </body></html> tags with the injection
 
         else:  # No injection necessary