app/views/layouts/searchjoy/application.html.erb in searchjoy-1.0.0 vs app/views/layouts/searchjoy/application.html.erb in searchjoy-1.1.0
@@ -2,10 +2,11 @@
<html>
<head>
<title>Searchjoy</title>
<meta charset="utf-8" />
+ <%= csp_meta_tag %>
<style>
body {
font-family: "Helvetica Neue", Arial, Helvetica, sans-serif;
margin: 0;
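Review bot: The inline `<style>` block that opens right after the new `<%= csp_meta_tag %>` carries no nonce, so this layout is still not compatible with a nonce-based `style-src`. If the host application applies its nonce to `style-src` as well as `script-src` (that depends on the host's CSP configuration, which is not visible here), browsers ignore `'unsafe-inline'` for that directive and this stylesheet would be dropped. Consider `<style nonce="<%= content_security_policy_nonce %>">`. The `style="…"` attributes on `#header` and `#time-range` in the later hunks cannot take a nonce at all and would need to move into this stylesheet. The `<style>` block continues outside the hunk.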
@@ -287,13 +288,13 @@
--litepickerDayIsTodayColor: #5cb85c !important;
}
</style>
<% if defined?(Propshaft::Railtie) %>
- <%= javascript_include_tag "chartkick", "Chart.bundle", "searchjoy/litepicker", "searchjoy/application" %>
+ <%= javascript_include_tag "chartkick", "Chart.bundle", "searchjoy/litepicker", "searchjoy/application", nonce: true %>
<% else %>
- <%= javascript_include_tag "searchjoy/application" %>
+ <%= javascript_include_tag "searchjoy/application", nonce: true %>
<% end %>
</head>
<body>
<div class="container">
<div id="header" style="padding-bottom: 10px;">
@@ -312,11 +313,11 @@
<% if @time_range %>
<span id="time-range" style="cursor: pointer; line-height: 26px; padding-bottom: 10px;">
<%= @time_range.first.strftime("%b %-e, %Y") %> to <%= @time_range.last.strftime("%b %-e, %Y") %>
</span>
<span class="text-muted"><%= @time_zone.name.sub(" (US & Canada)", "") %></span>
- <script>
+ <%= javascript_tag nonce: true do %>
var startDate = <%= raw json_escape(@time_range.first.to_json) %>;
var endDate = <%= raw json_escape(@time_range.last.to_json) %>;
new Litepicker({
element: document.getElementById('time-range'),
firstDay: 0,
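Review bot: `nonce: true` on this `javascript_tag` only emits a nonce when the host application has configured a CSP nonce generator; without one the block renders as a plain inline script, which a policy lacking `'unsafe-inline'` will block. That requirement is worth stating in the README or in a comment above the block, e.g. `<%# Needs config.content_security_policy_nonce_generator set in the host app %>`. A sturdier alternative is to expose the two dates as `data-start-date` / `data-end-date` attributes on `#time-range` and move the Litepicker setup into `searchjoy/application`, so the layout has no inline script left to allow. The block continues past the end of this hunk.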
@@ -335,10 +336,10 @@
params.set('start_date', date1.toISOString().slice(0, 10));
params.set('end_date', date2.toISOString().slice(0, 10));
window.location.href = window.location.pathname + "?" + params.toString();
}
});
- </script>
+ <% end %>
<% end %>
</div>
</div>
</div>