Add script nonce for Multiuser notification script inject

2018-11-26 00:18:46 +01:00 · 2018-11-26 00:18:46 +01:00 · dace0671c2
commit dace0671c2
parent 0882f9dd3c
1 changed files with 2 additions and 1 deletions
--- a/plugins/disabled-Multiuser/MultiuserPlugin.py
+++ b/plugins/disabled-Multiuser/MultiuserPlugin.py
@ -62,7 +62,7 @@ class UiRequestPlugin(object):
            back = back_generator.next()
            inject_html = """
                <!-- Multiser plugin -->
-                <script>
+                <script nonce="{script_nonce}">
                 setTimeout(function() {
                    zeroframe.cmd("wrapperNotification", ["done", "{message}<br><small>You have been logged in successfully</small>", 5000])
                 }, 1000)
@ -75,6 +75,7 @@ class UiRequestPlugin(object):
            else:
                message = "Hello again!"
            inject_html = inject_html.replace("{message}", message)
+            inject_html = inject_html.replace("{script_nonce}", self.getScriptNonce())
            return iter([re.sub("</body>\s*</html>\s*$", inject_html, back)])  # Replace the </body></html> tags with the injection

        else:  # No injection necessary