Options
All
  • Public
  • Public/Protected
  • All
Menu

The object with functionality related to handling the script-src directive of the HTTP Content-Security-Policy (CSP) policy. This makes use of a nonce (number used once). The server must generate a unique nonce value each time it transmits a policy.

Index

Variables

NONCE_INPUT

NONCE_INPUT: string

Name of the POST parameter for transmitting the nonce.

NONCE_VALUE

NONCE_VALUE: string

The value of the nonce to be used.

Functions

clickEvent

  • GitHub #5790: When using jQuery to trigger a click event on a button while using CSP we must set preventDefault or else it will trigger a non-ajax button click.

    Returns TriggeredEvent

    the JQuery click event

eval

  • eval(js: string, nonceValue?: string): void
  • Perform a CSP safe eval().

    Parameters

    • js: string

      The JavaScript code to evaluate.

    • Optional nonceValue: string

      Nonce value. Leave out if not using CSP.

    Returns void

evalResult

  • evalResult(js: string): unknown
  • Perform a CSP safe eval() with a return result value.

    see

    https://stackoverflow.com/a/33945236/502366

    Parameters

    • js: string

      The JavaScript code to evaluate.

    Returns unknown

    The result of the evaluated JavaScript code.

executeEvent

  • CSP won't allow string-to-JavaScript methods like eval() and new Function(). This method uses JQuery globalEval to safely evaluate the function if CSP is enabled.

    Parameters

    • id: HTMLElement

      The element executing the function (aka this).

    • js: string

      The JavaScript code to evaluate. Two variables will be in scope for the code: (a) the this context, which is set to the given id, and (b) the event variable, which is set to the given e.

    • e: TriggeredEvent<any, any, any, any>

      The event from the caller to pass through.

    Returns void

init

  • init(nonce: string): void
  • Sets the given nonce to all forms on the current page.

    Parameters

    • nonce: string

      Nonce to set. This value is usually supplied by the server.

    Returns void

register

  • register(id: string, event?: string, js?: () => boolean): void
  • Registers an event listener for the given element.

    Parameters

    • id: string

      ID of an element

    • Optional event: string

      Event to listen to, with the on prefix, such as onclick or onblur.

    • Optional js: () => boolean

      Callback that may return false to prevent the default behavior of the event.

        • (): boolean
        • Returns boolean

    Returns void

Generated using TypeDoc