Skip to content

Commit 0ec68e3

Browse files
manisandromanisandro
committed
Also inject nonce in script tags without attributes
1 parent 02ec0cf commit 0ec68e3

File tree

1 file changed

+1
-0
lines changed

1 file changed

+1
-0
lines changed

src/qwc2_viewer.py

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -218,6 +218,7 @@ def qwc2_index(self, identity, params, request_url):
218218
csp += "; " + self.extra_csp_directives
219219
viewer_index = viewer_index.replace('<head>', '<head>\n<meta http-equiv="Content-Security-Policy" content="%s">' % csp)
220220
viewer_index = viewer_index.replace('<script ', '<script nonce="%s" ' % nonce)
221+
viewer_index = viewer_index.replace('<script>', '<script nonce="%s">' % nonce)
221222

222223
return viewer_index
223224

0 commit comments

Comments
 (0)