author | Literallie | 2017-10-18 19:37:55 +0200 |
---|---|---|
committer | Literallie | 2017-10-22 00:03:45 +0200 |
commit | 4238b9b3efc3a9c001b5e1cf6c1883ffd0f92800 (patch) | |
tree | 05810009e4780fc058d1f3a625d96cbb8985669b | |
parent | 080436aebb4c4681f85cc8bf5d8563832ff8dbdd (diff) |
Fix MathJax CSP issues
Diffstat (limited to '')
-rw-r--r-- | app.js | 14 | ||||
-rw-r--r-- | public/js/mathjax-config-extra.js | 8 | ||||
-rw-r--r-- | public/views/hackmd/foot.ejs | 4 | ||||
-rw-r--r-- | public/views/pretty.ejs | 4 | ||||
-rw-r--r-- | public/views/slide.ejs | 4 |
5 files changed, 18 insertions, 16 deletions
@@ -118,22 +118,22 @@ app.use((req, res, next) => {
 // https://helmetjs.github.io/docs/csp/
 if (config.csp.enable) {
 var cdnDirectives = {
- scriptSrc: ["https://cdnjs.cloudflare.com"],
- styleSrc: ["https://cdnjs.cloudflare.com", "https://fonts.googleapis.com"],
- fontSrc: ["https://cdnjs.cloudflare.com", "https://fonts.gstatic.com"]
+ scriptSrc: ['https://cdnjs.cloudflare.com', 'https://cdn.mathjax.org'],
+ styleSrc: ['https://cdnjs.cloudflare.com', 'https://fonts.googleapis.com'],
+ fontSrc: ['https://cdnjs.cloudflare.com', 'https://fonts.gstatic.com']
 }
 var directives = {}
 for (var propertyName in config.csp.directives) {
- if(config.csp.directives.hasOwnProperty(propertyName)) {
+ if (config.csp.directives.hasOwnProperty(propertyName)) {
 var directive = config.csp.directives[propertyName]
 if (config.usecdn && !!cdnDirectives[propertyName]) {
 directive = directive.concat(cdnDirectives[propertyName])
 }
- directives[propertyName] = directive;
+ directives[propertyName] = directive
 }
 }
 directives.scriptSrc.push(function (req, res) { return "'nonce-" + res.locals.nonce + "'" })
- if(config.csp.upgradeInsecureRequests === 'auto') {
+ if (config.csp.upgradeInsecureRequests === 'auto') {
 directives.upgradeInsecureRequests = config.usessl === 'true'
 } else {
 directives.upgradeInsecureRequests = config.csp.upgradeInsecureRequests === 'true'
@@ -142,7 +142,7 @@ if (config.csp.enable) {
 directives: directives
 }))
 } else {
- logger.info('Content-Security-Policy is disabled. This may be a security risk.');
+ logger.info('Content-Security-Policy is disabled. This may be a security risk.')
 }
 i18n.configure({
diff --git a/public/js/mathjax-config-extra.js b/public/js/mathjax-config-extra.js
new file mode 100644
index 00000000..54cee794
--- /dev/null
+++ b/public/js/mathjax-config-extra.js
@@ -0,0 +1,8 @@
+var MathJax = {
+ messageStyle: 'none',
+ skipStartupTypeset: true,
+ tex2jax: {
+ inlineMath: [['$', '$'], ['\\(', '\\)']],
+ processEscapes: true
+ }
+}
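Review bot: The new `'https://cdn.mathjax.org'` entry in `cdnDirectives.scriptSrc` (first app.js hunk) allows script loads from a whole additional host, and nothing in the commit records what needs it; the script tags visible in the changed views all load from cdnjs.cloudflare.com. A host entry in script-src is not narrowed by the `integrity` attributes the views use, so every file served from that host becomes loadable by any `<script src>` that ends up in a page. If MathJax does fetch something from that host at runtime, I would say so next to the entry, e.g. `// cdn.mathjax.org: needed for <MathJax resource>; remove once nothing is loaded from there`; if not, keep the line as `scriptSrc: ['https://cdnjs.cloudflare.com'],`. The enclosing `if (config.csp.enable)` block continues past this hunk.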
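Review bot: public/js/mathjax-config-extra.js has no header comment, and its one constraint cannot be seen from the file itself: a global `var MathJax = {...}` is only picked up as configuration if it runs before MathJax.js is loaded, which is presumably why the views place this tag ahead of the CDN scripts. I would add a short comment such as `// MathJax config, kept in its own file because inline config is blocked by the CSP. Must load before MathJax.js (no defer/async).` That also tells the next maintainer not to move the settings back into an inline `<script>` block, which would need a nonce or `'unsafe-inline'`.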
diff --git a/public/views/hackmd/foot.ejs b/public/views/hackmd/foot.ejs
index 6a1f3b99..8438dce2 100644
--- a/public/views/hackmd/foot.ejs
+++ b/public/views/hackmd/foot.ejs
@@ -1,6 +1,4 @@
-<script type="text/x-mathjax-config">
- MathJax.Hub.Config({ messageStyle: "none", skipStartupTypeset: true ,tex2jax: {inlineMath: [['$','$'], ['\\(','\\)']], processEscapes: true }});
-</script>
+<script src="<%= url %>/js/mathjax-config-extra.js"></script>
 <% if(useCDN) { %>
 <script src="https://cdnjs.cloudflare.com/ajax/libs/spin.js/2.3.2/spin.min.js" integrity="sha256-PieqE0QdEDMppwXrTzSZQr6tWFX3W5KkyRVyF1zN3eg=" crossorigin="anonymous" defer></script>
 <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js" integrity="sha256-hVVnYaiADRTO2PzUGmuLJr8BLUSjGIZsDYGmIJLv2b8=" crossorigin="anonymous"></script>
diff --git a/public/views/pretty.ejs b/public/views/pretty.ejs
index 80d2505c..b2988e39 100644
--- a/public/views/pretty.ejs
+++ b/public/views/pretty.ejs
@@ -72,9 +72,7 @@
 </body>
 </html>
-<script type="text/x-mathjax-config">
- MathJax.Hub.Config({ messageStyle: "none", skipStartupTypeset: true ,tex2jax: {inlineMath: [['$','$'], ['\\(','\\)']], processEscapes: true }});
-</script>
+<script src="<%= url %>/js/mathjax-config-extra.js"></script>
 <% if(useCDN) { %>
 <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js" integrity="sha256-hVVnYaiADRTO2PzUGmuLJr8BLUSjGIZsDYGmIJLv2b8=" crossorigin="anonymous"></script>
 <script src="https://cdnjs.cloudflare.com/ajax/libs/velocity/1.4.0/velocity.min.js" integrity="sha256-bhm0lgEt6ITaZCDzZpkr/VXVrLa5RP4u9v2AYsbzSUk=" crossorigin="anonymous" defer></script>
diff --git a/public/views/slide.ejs b/public/views/slide.ejs
index c7dd9898..269ce044 100644
--- a/public/views/slide.ejs
+++ b/public/views/slide.ejs
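Review bot: The replacement tag `<script src="<%= url %>/js/mathjax-config-extra.js">` in foot.ejs (the same line is added in pretty.ejs and slide.ejs) only loads if the page's script-src already allows the origin that `url` expands to, and that entry is not visible in this commit; app.js shows only the CDN hosts and the nonce being appended. If `url` is an absolute server URL whose scheme, host or port differs from the origin actually serving the page, for instance behind a reverse proxy, the browser will block the file and MathJax will run with default settings without any server-side error. I would either confirm that `config.csp.directives.scriptSrc` carries `'self'` or the configured server origin, or let the tag rely on the nonce app.js already generates, e.g. `<script nonce="<%= nonce %>" src="<%= url %>/js/mathjax-config-extra.js"></script>`, assuming the nonce is exposed to these views.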
@@ -89,9 +89,7 @@
 </div>
 </div>
- <script type="text/x-mathjax-config">
- MathJax.Hub.Config({ messageStyle: "none", skipStartupTypeset: true ,tex2jax: {inlineMath: [['$','$'], ['\\(','\\)']], processEscapes: true }});
- </script>
+ <script src="<%= url %>/js/mathjax-config-extra.js"></script>
 <% if(useCDN) { %>
 <script src="https://cdnjs.cloudflare.com/ajax/libs/reveal.js/3.3.0/lib/js/head.min.js" integrity="sha256-+09kLhwACKXFPDvqo4xMMvi4+uXFsRZ2uYGbeN1U8sI=" crossorigin="anonymous"></script>
 <script src="https://cdnjs.cloudflare.com/ajax/libs/reveal.js/3.3.0/js/reveal.min.js" integrity="sha256-lvaInSKflJWLPqf5N5oHr/UZFwXKD6gckerdwoHqECY=" crossorigin="anonymous"></script> |