introduce a template function to output a inline script

splitbrain · splitbrain · commit a77ab274d63b · 2024-02-21T15:56:24.000+01:00
This handles the output of a potentially available nonce.
diff --git a/inc/Ui/Editor.php b/inc/Ui/Editor.php
@@ -150,7 +150,7 @@ public function show()
         // start editor html output
         if ($wr) {
             // sets changed to true when previewed
-            echo '<script>/*<![CDATA[*/textChanged = ' . ($mod ? 'true' : 'false') . '/*!]]>*/</script>';
+            tpl_inlineScript('textChanged = ' . ($mod ? 'true' : 'false') . ';');
         }
 
         // print intro locale text (edit, rditrev, or read.txt)
diff --git a/inc/template.php b/inc/template.php
@@ -440,6 +440,30 @@ function _tpl_metaheaders_action($data)
     }
 }
 
+/**
+ * Output the given script as inline script tag
+ *
+ * This function will add the nonce attribute if a nonce is available.
+ *
+ * The script is NOT automatically escaped!
+ *
+ * @param string $script
+ * @param bool $return Return or print directly?
+ * @return string|void
+ */
+function tpl_inlineScript($script, $return = false)
+{
+    $nonce = getenv('NONCE');
+    if ($nonce) {
+        $script = '<script nonce="' . $nonce . '">' . $script . '</script>';
+    } else {
+        $script = '<script>' . $script . '</script>';
+    }
+
+    if ($return) return $script;
+    echo $script;
+}
+
 /**
  * Print a link
  *

Original file line number	Diff line number	Diff line change
`@@ -150,7 +150,7 @@ public function show()`
`150`	`150`	`// start editor html output`
`151`	`151`	`if ($wr) {`
`152`	`152`	`// sets changed to true when previewed`
`153`		`- echo '<script>/<![CDATA[/textChanged = ' . ($mod ? 'true' : 'false') . '/!]]>/</script>';`
	`153`	`+ tpl_inlineScript('textChanged = ' . ($mod ? 'true' : 'false') . ';');`
`154`	`154`	`}`
`155`	`155`
`156`	`156`	`// print intro locale text (edit, rditrev, or read.txt)`