Merge pull request #11535 from nextcloud/bugfix/11031/theming-unsafe-eval

Manually instantiate jscolor to avoid csp errors
This commit is contained in:
Roeland Jago Douma 2018-10-02 16:43:05 +02:00 committed by GitHub
commit 67c76ffcea
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 5 additions and 1 deletions

View File

@ -106,6 +106,10 @@ function hideUndoButton(setting, value) {
$(document).ready(function () { $(document).ready(function () {
$('#theming [data-toggle="tooltip"]').tooltip(); $('#theming [data-toggle="tooltip"]').tooltip();
// manually instantiate jscolor to work around new Function call which violates strict CSP
var colorElement = $('#theming-color')[0];
var jscolor = new window.jscolor(colorElement, {hash: true});
$('#theming .theme-undo').each(function() { $('#theming .theme-undo').each(function() {
var setting = $(this).data('setting'); var setting = $(this).data('setting');
var value = $('#theming-'+setting).val(); var value = $('#theming-'+setting).val();

View File

@ -62,7 +62,7 @@ style('theming', 'settings-admin');
<div> <div>
<label> <label>
<span><?php p($l->t('Color')) ?></span> <span><?php p($l->t('Color')) ?></span>
<input id="theming-color" type="text" class="jscolor" data-jscolor="{hash:true}" maxlength="7" value="<?php p($_['color']) ?>" /> <input id="theming-color" type="text" maxlength="7" value="<?php p($_['color']) ?>" />
<div data-setting="color" data-toggle="tooltip" data-original-title="<?php p($l->t('Reset to default')); ?>" class="theme-undo icon icon-history"></div> <div data-setting="color" data-toggle="tooltip" data-original-title="<?php p($l->t('Reset to default')); ?>" class="theme-undo icon icon-history"></div>
</label> </label>
</div> </div>