kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

Merge branch 'add-nonce-to-shortcuts-eval' into 'master'

Browse source 
Add nonce to globalEval in shortcuts.js

See merge request gitlab-org/gitlab-ce!31837
This commit is contained in:
Stan Hu 2019-08-15 23:20:01 +00:00
commit bd5c259a0b
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
app/assets/javascripts/behaviors/shortcuts/shortcuts.js
View file

@ -4,7 +4,7 @@ import Mousetrap from 'mousetrap';
import axios from '../../lib/utils/axios_utils';
import { refreshCurrentPage, visitUrl } from '../../lib/utils/url_utility';
import findAndFollowLink from '../../lib/utils/navigation_utility';
import { parseBoolean } from '~/lib/utils/common_utils';
import { parseBoolean, getCspNonceValue } from '~/lib/utils/common_utils';
const defaultStopCallback = Mousetrap.stopCallback;
Mousetrap.stopCallback = (e, element, combo) => {
@ -94,7 +94,7 @@ export default class Shortcuts {
responseType: 'text',
})
.then(({ data }) => {
$.globalEval(data);
$.globalEval(data, { nonce: getCspNonceValue() });
if (location && location.length > 0) {
const results = [];