
The object with functionality related to handling the script-src directive of the HTTP Content-Security-Policy (CSP) header. It relies on a nonce (number used once): the server must generate a unique nonce value each time it transmits a policy.
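The per-response nonce requirement described above, as an added Node.js example that is not code from this API or its project: it issues a fresh nonce with each policy and checks that every inline script in the response carries it. The function names, the 'self' source and the sample scripts are constructed assumptions.

```javascript
// Added illustration; function names and the 'self' source are assumptions.
const crypto = require("crypto");

// Fresh, unpredictable nonce for exactly one response (128 random bits, base64).
function newNonce() {
  return crypto.randomBytes(16).toString("base64");
}

// script-src policy that admits same-origin files and scripts carrying this nonce.
function buildPolicy(nonce) {
  return `script-src 'self' 'nonce-${nonce}'`;
}

// Render one response: the header and every inline <script> share one new nonce.
function renderResponse(inlineScripts) {
  const nonce = newNonce();
  const body = inlineScripts
    .map((js) => `<script nonce="${nonce}">${js}</script>`)
    .join("\n");
  return { nonce, headers: { "Content-Security-Policy": buildPolicy(nonce) }, body };
}

// Pre-deployment check: list inline <script> tags whose nonce is missing or does
// not match the policy; a browser enforcing the policy would refuse to run them.
function inlineScriptsWithoutNonce(policy, html) {
  const m = /'nonce-([A-Za-z0-9+\/_=-]+)'/.exec(policy);
  const expected = m ? m[1] : null;
  const rejected = [];
  const tagRe = /<script\b([^>]*)>/gi;
  let tag;
  while ((tag = tagRe.exec(html)) !== null) {
    if (/\bsrc\s*=/i.test(tag[1])) continue; // external file, governed by 'self'
    const n = /\bnonce="([^"]*)"/i.exec(tag[1]);
    if (expected === null || !n || n[1] !== expected) rejected.push(tag[0]);
  }
  return rejected;
}

// Constructed sample: two responses must never share a nonce.
const first = renderResponse(['console.log("a")']);
const second = renderResponse(['console.log("b")']);
console.log(first.headers["Content-Security-Policy"]);
console.log(first.nonce !== second.nonce);
```

A body rendered for one response fails the check against another response's policy, which is the stale-nonce case a cached page would hit.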

Variables

EVENT_REGISTRY: Map<string, Map<string, boolean>>

Map of currently registered CSP events on this page.

NONCE_INPUT: string

Name of the POST parameter for transmitting the nonce.

NONCE_VALUE: string

The value of the nonce to be used.

Functions

  • GitHub #5790: When using jQuery to trigger a click event on a button while using CSP, we must set preventDefault, or else it will trigger a non-AJAX button click.

    Parameters

    • target: JQuery<HTMLElement>

      The target of this click event.

    Returns TriggeredEvent

    The JQuery click event.

  • eval(js: string, nonceValue?: string, windowContext?: string): void
  • Perform a CSP safe eval().

    Parameters

    • js: string

      The JavaScript code to evaluate.

    • Optional nonceValue: string

      Nonce value. Leave out if not using CSP.

    • Optional windowContext: string

      Optional Window context to call eval from.

    Returns void

  • evalResult(js: string, nonceValue?: string, windowContext?: string): unknown
  • Perform a CSP safe eval() with a return result value.

    see

    https://stackoverflow.com/a/33945236/502366

    Parameters

    • js: string

      The JavaScript code to evaluate.

    • Optional nonceValue: string

      Nonce value. Leave out if not using CSP.

    • Optional windowContext: string

      Optional Window context to call eval from.

    Returns unknown

    The result of the evaluated JavaScript code.

  • executeEvent(id: HTMLElement, js: string, e: TriggeredEvent<any, any, any, any>): void
  • CSP won't allow string-to-JavaScript methods like eval() and new Function(). This method uses JQuery globalEval to safely evaluate the function if CSP is enabled.

    Parameters

    • id: HTMLElement

      The element executing the function (aka this).

    • js: string

      The JavaScript code to evaluate. Two variables will be in scope for the code: (a) the this context, which is set to the given id, and (b) the event variable, which is set to the given e.

    • e: TriggeredEvent<any, any, any, any>

      The event from the caller to pass through.

    Returns void

  • hasRegisteredAjaxifiedEvent(id: string, event?: string): boolean | undefined
  • Checks whether this component has a registered AJAX event.

    Parameters

    • id: string

      ID of an element

    • Optional event: string

      Event to listen to, with the on prefix, such as onclick or onblur.

    Returns boolean | undefined

    true if component has this AJAX event

  • init(nonce: string): void
  • Sets the given nonce to all forms on the current page.

    Parameters

    • nonce: string

      Nonce to set. This value is usually supplied by the server.

    Returns void

  • isFacesForm(form?: HTMLInputElement): boolean
  • Checks if the given form is a Faces form.

    Parameters

    • Optional form: HTMLInputElement

      The form to check.

    Returns boolean

    true if the form is a Faces form.

  • register(id: string, event?: string, js?: (() => boolean)): void
  • Registers an event listener for the given element.

    Parameters

    • id: string

      ID of an element

    • Optional event: string

      Event to listen to, with the on prefix, such as onclick or onblur.

    • Optional js: (() => boolean)

      Callback that may return false to prevent the default behavior of the event.

        • (): boolean
        • Returns boolean

    Returns void
