Add nonces to all script tags (#275)

BimberLab · Mar 10, 2024 · bf41bc4 · bf41bc4
1 parent 8bb0e12
commit bf41bc4
Show file tree

Hide file tree

Showing 45 changed files with 50 additions and 48 deletions.
diff --git a/OpenLdapSync/resources/views/ldapSettings.html b/OpenLdapSync/resources/views/ldapSettings.html
@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script type="text/javascript" nonce="<%=scriptNonce%>">
     Ext4.onReady(function(){
         if (LABKEY.Security.currentContainer.path != '/'){
             Ext4.Msg.alert('Error', 'This page can only be viewed from the site root', function(){

diff --git a/SequenceAnalysis/resources/views/alignmentAnalysis.html b/SequenceAnalysis/resources/views/alignmentAnalysis.html
@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script type="text/javascript" nonce="<%=scriptNonce%>">
     Ext4.onReady(function(){
         var webpart = <%=webpartContext%>;
 

diff --git a/SequenceAnalysis/resources/views/alignmentImport.html b/SequenceAnalysis/resources/views/alignmentImport.html
@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script type="text/javascript" nonce="<%=scriptNonce%>">
     Ext4.onReady(function(){
         var webpart = <%=webpartContext%>;
 

diff --git a/SequenceAnalysis/resources/views/bamHaplotype.html b/SequenceAnalysis/resources/views/bamHaplotype.html
@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script type="text/javascript" nonce="<%=scriptNonce%>">
 
 Ext4.onReady(function (){
     var outputFileIds = LABKEY.ActionURL.getParameter('outputFileIds');

diff --git a/SequenceAnalysis/resources/views/begin.html b/SequenceAnalysis/resources/views/begin.html
@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script type="text/javascript" nonce="<%=scriptNonce%>">
 
     Ext4.onReady(function(){
 

diff --git a/SequenceAnalysis/resources/views/coverageDepth.html b/SequenceAnalysis/resources/views/coverageDepth.html
@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script type="text/javascript" nonce="<%=scriptNonce%>">
 
 Ext4.onReady(function(){
     var outputFileIds = LABKEY.ActionURL.getParameter('outputFileIds') || '';

diff --git a/SequenceAnalysis/resources/views/fastaHelper.html b/SequenceAnalysis/resources/views/fastaHelper.html
@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script type="text/javascript" nonce="<%=scriptNonce%>">
 
 function whitelist(){
     var names = document.getElementById('whitelistNames').value;
@@ -34,10 +34,12 @@
     document.getElementById('whitelistTarget').value = toKeep.join('\n');
 }
 
-
+LABKEY.Utils.onReady(function(){
+    document.getElementById('whitelistButton')['onclick'] = whitelist;
+});
 </script>
 
-This page contains an several basic utilities to process FASTA files.  See the instructions above each item for more information.
+This page contains several basic utilities to process FASTA files.  See the instructions above each item for more information.
 
 <p/>
 <h3>1) Subset FASTA Based on List</h3>
@@ -49,7 +51,7 @@ <h3>1) Subset FASTA Based on List</h3>
     <tr>
         <td>FASTA Contents:<span></span><br><textarea rows="10" cols="30" id="whitelistFasta"></textarea></td>
         <td>Allowable Names:<span></span><br><textarea rows="10" cols="30" id="whitelistNames"></textarea></td>
-        <td><button id="whitelistButton" onclick=whitelist()>--></button></td>
+        <td><button id="whitelistButton">--></button></td>
         <td>Matching Entries:<span></span><br><textarea rows="10" cols="30" id="whitelistTarget"></textarea></td>
     </tr>
 </table>
diff --git a/SequenceAnalysis/resources/views/haplotypeDetails.html b/SequenceAnalysis/resources/views/haplotypeDetails.html
@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script type="text/javascript" nonce="<%=scriptNonce%>">
 
 Ext4.onReady(function (){
     var name = LABKEY.ActionURL.getParameter('haplotypeId');

diff --git a/SequenceAnalysis/resources/views/illuminaSampleSheetExport.html b/SequenceAnalysis/resources/views/illuminaSampleSheetExport.html
@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script type="text/javascript" nonce="<%=scriptNonce%>">
 
 Ext4.onReady(function(){
     var webpart = <%=webpartContext%>;

diff --git a/SequenceAnalysis/resources/views/importFasta.html b/SequenceAnalysis/resources/views/importFasta.html
@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script type="text/javascript" nonce="<%=scriptNonce%>">
 
     Ext4.onReady(function (){
         var path = LABKEY.ActionURL.getParameter("path");

diff --git a/SequenceAnalysis/resources/views/importReadset.html b/SequenceAnalysis/resources/views/importReadset.html
@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script type="text/javascript" nonce="<%=scriptNonce%>">
     Ext4.onReady(function(){
         var webpart = <%=webpartContext%>;
 

diff --git a/SequenceAnalysis/resources/views/importTracks.html b/SequenceAnalysis/resources/views/importTracks.html
@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script type="text/javascript" nonce="<%=scriptNonce%>">
 
     Ext4.onReady(function(){
 

diff --git a/SequenceAnalysis/resources/views/insertRefSequence.html b/SequenceAnalysis/resources/views/insertRefSequence.html
@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script type="text/javascript" nonce="<%=scriptNonce%>">
 
 Ext4.onReady(function(){
     var webpart = <%=webpartContext%>;

diff --git a/SequenceAnalysis/resources/views/instrumentImport.html b/SequenceAnalysis/resources/views/instrumentImport.html
@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script type="text/javascript" nonce="<%=scriptNonce%>">
     Ext4.onReady(function(){
         var webpart = <%=webpartContext%>;
 

diff --git a/SequenceAnalysis/resources/views/instrumentRunDetails.html b/SequenceAnalysis/resources/views/instrumentRunDetails.html
@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script type="text/javascript" nonce="<%=scriptNonce%>">
 
 Ext4.onReady(function (){
     var runId = LABKEY.ActionURL.getParameter('id');

diff --git a/SequenceAnalysis/resources/views/libraryDetails.html b/SequenceAnalysis/resources/views/libraryDetails.html
@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script type="text/javascript" nonce="<%=scriptNonce%>">
 
 Ext4.onReady(function (){
     var rowid = LABKEY.ActionURL.getParameter('libraryId');

diff --git a/SequenceAnalysis/resources/views/lineagePivot.html b/SequenceAnalysis/resources/views/lineagePivot.html
@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script type="text/javascript" nonce="<%=scriptNonce%>">
 
 Ext4.onReady(function(){
     var webpart = <%=webpartContext%>;

diff --git a/SequenceAnalysis/resources/views/populateSequences.html b/SequenceAnalysis/resources/views/populateSequences.html
@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script type="text/javascript" nonce="<%=scriptNonce%>">
 
 Ext4.onReady(function(){
 

diff --git a/SequenceAnalysis/resources/views/readsetDetails.html b/SequenceAnalysis/resources/views/readsetDetails.html
@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script type="text/javascript" nonce="<%=scriptNonce%>">
 
 Ext4.onReady(function (){
     var readsetId = LABKEY.ActionURL.getParameter('id');

diff --git a/SequenceAnalysis/resources/views/sampleSheetExport.html b/SequenceAnalysis/resources/views/sampleSheetExport.html
@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script type="text/javascript" nonce="<%=scriptNonce%>">
 
 Ext4.onReady(function(){
     var webpart = <%=webpartContext%>;

diff --git a/SequenceAnalysis/resources/views/sbtToGeneTable.html b/SequenceAnalysis/resources/views/sbtToGeneTable.html
@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script type="text/javascript" nonce="<%=scriptNonce%>">
     Ext4.onReady(function(){
         //TODO: account for features duplicated across genomes?
         Ext4.define('SequenceAnalysis.panel.SBTExportPanel', {

diff --git a/SequenceAnalysis/resources/views/search.html b/SequenceAnalysis/resources/views/search.html
@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script type="text/javascript" nonce="<%=scriptNonce%>">
 
 Ext4.onReady(function(){
     var metadata = {

diff --git a/SequenceAnalysis/resources/views/sequenceAnalysis.html b/SequenceAnalysis/resources/views/sequenceAnalysis.html
@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script type="text/javascript" nonce="<%=scriptNonce%>">
     Ext4.onReady(function(){
         var webpart = <%=webpartContext%>;
 

diff --git a/SequenceAnalysis/resources/views/sequenceAnalysisDetails.html b/SequenceAnalysis/resources/views/sequenceAnalysisDetails.html
@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script type="text/javascript" nonce="<%=scriptNonce%>">
 
 Ext4.onReady(function (){
     var analysisId = LABKEY.ActionURL.getParameter('id');

diff --git a/SequenceAnalysis/resources/views/sequenceDefaults.html b/SequenceAnalysis/resources/views/sequenceDefaults.html
@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script type="text/javascript" nonce="<%=scriptNonce%>">
     Ext4.onReady(function(){
         Ext4.create('SequenceAnalysis.panel.SequenceImportSettingsPanel', {
             title: 'Sequence Import Defaults'

diff --git a/SequenceAnalysis/resources/views/sequenceOutputImport.html b/SequenceAnalysis/resources/views/sequenceOutputImport.html
@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script type="text/javascript" nonce="<%=scriptNonce%>">
 
 Ext4.onReady(function(){
 

diff --git a/SequenceAnalysis/resources/views/siteAdmin.html b/SequenceAnalysis/resources/views/siteAdmin.html
@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script type="text/javascript" nonce="<%=scriptNonce%>">
     Ext4.onReady(function(){
         if (LABKEY.Security.currentContainer.path != '/' && LABKEY.Security.currentContainer.path != '/Shared'){
             Ext4.Msg.alert('Error', 'This page can only be viewed from the site root', function(){

diff --git a/SequenceAnalysis/resources/views/snp_haplotype.html b/SequenceAnalysis/resources/views/snp_haplotype.html
@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script type="text/javascript" nonce="<%=scriptNonce%>">
 
 Ext4.onReady(function (){
     var analysisIds = LABKEY.ActionURL.getParameter('analysisIds');

diff --git a/SequenceAnalysis/resources/views/snp_viewer.html b/SequenceAnalysis/resources/views/snp_viewer.html
@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script type="text/javascript" nonce="<%=scriptNonce%>">
 
 Ext4.onReady(function (){
     var analysisIds = LABKEY.ActionURL.getParameter('analysisIds');

diff --git a/SequenceAnalysis/resources/views/splitStrings.html b/SequenceAnalysis/resources/views/splitStrings.html
@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script type="text/javascript" nonce="<%=scriptNonce%>">
 
 Ext4.onReady(function(){
     Ext4.define('SequenceAnalysis.panel.SplitSplittingPanel', {

diff --git a/SequenceAnalysis/resources/views/variantComparison.html b/SequenceAnalysis/resources/views/variantComparison.html
@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script type="text/javascript" nonce="<%=scriptNonce%>">
     Ext4.onReady(function(){
         var webpart = <%=webpartContext%>;
 

diff --git a/SequenceAnalysis/resources/views/variantProcessing.html b/SequenceAnalysis/resources/views/variantProcessing.html
@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script type="text/javascript" nonce="<%=scriptNonce%>">
     Ext4.onReady(function(){
         var webpart = <%=webpartContext%>;
 

diff --git a/SequenceAnalysis/resources/views/virusStrainDetails.html b/SequenceAnalysis/resources/views/virusStrainDetails.html
@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script type="text/javascript" nonce="<%=scriptNonce%>">
 
 Ext4.onReady(function (){
     if (!LABKEY.ActionURL.getParameter('virus_strain')){

diff --git a/blast/resources/views/blast.html b/blast/resources/views/blast.html
@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script type="text/javascript" nonce="<%=scriptNonce%>">
 
     Ext4.onReady(function(){
         var webpart = <%=webpartContext%>;

diff --git a/blast/resources/views/settings.html b/blast/resources/views/settings.html
@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script type="text/javascript" nonce="<%=scriptNonce%>">
 
 Ext4.onReady(function (){
 

diff --git a/blast/src/org/labkey/blast/view/jobDetails.jsp b/blast/src/org/labkey/blast/view/jobDetails.jsp
@@ -53,7 +53,7 @@
     boolean hasRun = job.isHasRun();
 %>
 
-<script type="text/javascript">
+<script type="text/javascript" nonce="<%=getScriptNonce()%>">
 
     Ext4.onReady(function(){
         Ext4.define('BLAST.panel.BlastDetailsPanel', {

diff --git a/jbrowse/resources/views/begin.html b/jbrowse/resources/views/begin.html
@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script type="text/javascript" nonce="<%=scriptNonce%>">
 
     Ext4.onReady(function(){
         var webpart = <%=webpartContext%>;

diff --git a/jbrowse/resources/views/databaseDetails.html b/jbrowse/resources/views/databaseDetails.html
@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script type="text/javascript" nonce="<%=scriptNonce%>">
 
     Ext4.onReady(function (){
         var objectid = LABKEY.ActionURL.getParameter('databaseId');

diff --git a/jbrowse/resources/views/genotypeTable.html b/jbrowse/resources/views/genotypeTable.html
@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script type="text/javascript" nonce="<%=scriptNonce%>">
     (function ($){
         var trackId = LABKEY.ActionURL.getParameter("trackId");
         var chr = LABKEY.ActionURL.getParameter("chr");

diff --git a/jbrowse/resources/views/jbrowseSearch.html b/jbrowse/resources/views/jbrowseSearch.html
@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script type="text/javascript" nonce="<%=scriptNonce%>">
     +function() {
         const sessionId = <%=webpartContext%>.databaseId;
         LABKEY.App.loadApp('jbrowseSearchWebpart', <%=webpartContext%>.wrapperDivId, sessionId)

diff --git a/singlecell/resources/views/cDNAImport.html b/singlecell/resources/views/cDNAImport.html
@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script type="text/javascript" nonce="<%=scriptNonce%>">
 
     Ext4.onReady(function(){
         var webpart = <%=webpartContext%>;

diff --git a/singlecell/resources/views/libraryExport.html b/singlecell/resources/views/libraryExport.html
@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script type="text/javascript" nonce="<%=scriptNonce%>">
 
     Ext4.onReady(function(){
         var webpart = <%=webpartContext%>;

diff --git a/singlecell/resources/views/poolImport.html b/singlecell/resources/views/poolImport.html
@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script type="text/javascript" nonce="<%=scriptNonce%>">
 
     Ext4.onReady(function(){
         var webpart = <%=webpartContext%>;

diff --git a/singlecell/resources/views/singleCellDataManagement.html b/singlecell/resources/views/singleCellDataManagement.html
@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script type="text/javascript" nonce="<%=scriptNonce%>">
 
     Ext4.onReady(function (){
         var webpart = <%=webpartContext%>;

diff --git a/singlecell/resources/views/singleCellProcessing.html b/singlecell/resources/views/singleCellProcessing.html
@@ -1,4 +1,4 @@
-<script type="text/javascript">
+<script type="text/javascript" nonce="<%=scriptNonce%>">
     Ext4.onReady(function(){
         var webpart = <%=webpartContext%>;