Move script to index.js with console.log messages

ashwinvis · ashwinvis · commit b6290345cf1b · 2021-06-16T17:59:05.000+02:00
diff --git a/index.html b/index.html
@@ -24,51 +24,8 @@
     }
   </style>
   <script src="/node_modules/mermaid/dist/mermaid.min.js"></script>
-  <script src="/socket.io/socket.io.js"></script>
-  <script>
-    var socket = io('http://'+ window.location.host +'/');
-    socket.on('connect', function () {
-      setDisconnected(false);
-      socket.on('newContent', function(newHTML) {
-        document.querySelector(".markdown-body").innerHTML = newHTML;
-
-        // scroll to the hyperlink with id="marker"
-        let marker = document.getElementById("marker");
-        if(marker) {
-          marker.scrollIntoView();
-        }
-        mermaid.init()
-      });
-      socket.on('die', function(newHTML) {
-        window.open('', '_self', '');
-        window.close();
-
-        var firefoxWarning =
-        "<h1>Oops!</h1>" +
-        "<h3>Firefox doesn't allow windows to self-close.</h3>" +
-        "<h3>If you want the preview window to close automatically like in other browsers, go to about:config and set dom.allow_scripts_to_close_windows to true.</h3>"
-        document.body.innerHTML = firefoxWarning;
-      });
-    });
-    socket.on('disconnect', function() {
-      setDisconnected(true);
-    });
-
-    try {
-      eval('// If CSP is active, then this is blocked');
-    } catch (e) {
-      // Detected that the CSP was active (by the user's preference).
-      // Drop capabilities to prevent rendered markdown from executing scripts.
-      var meta = document.createElement('meta');
-      meta.setAttribute('http-equiv', 'Content-Security-Policy');
-      meta.setAttribute('content', "script-src 'none';");
-      document.head.appendChild(meta);
-    }
-
-    function setDisconnected(isDisconnected) {
-      document.getElementById('con-error').style.display =
-        isDisconnected ? 'block' : 'none';
-    }
+  <script src="/socket.io/socket.io.min.js"></script>
+  <script src="/index.js"></script>
   </script>
 </head>
 <body>
diff --git a/index.js b/index.js
@@ -0,0 +1,51 @@
+'use strict';
+let socket = io('http://'+ window.location.host +'/');
+
+socket.on('connect', function () {
+  setDisconnected(false);
+  socket.on('newContent', function(newHTML) {
+    document.querySelector(".markdown-body").innerHTML = newHTML;
+
+    // scroll to the hyperlink with id="marker"
+    let marker = document.getElementById("marker");
+    if(marker) {
+      marker.scrollIntoView();
+    }
+    mermaid.init()
+  });
+  socket.on('die', function(newHTML) {
+    window.open('', '_self', '');
+    window.close();
+
+    let firefoxWarning =
+    "<h1>Oops!</h1>" +
+    "<h3>Firefox doesn't allow windows to self-close.</h3>" +
+    "<h3>If you want the preview window to close automatically like in other browsers, go to about:config and set dom.allow_scripts_to_close_windows to true.</h3>"
+    document.body.innerHTML = firefoxWarning;
+  });
+});
+
+socket.on('disconnect', function() {
+  setDisconnected(true);
+});
+
+try {
+  console.log('Inspecting status of Content Security Policy');
+  eval('// If CSP is active, then this is blocked');
+} catch (e) {
+  console.log(`
+    Detected that the CSP was active (by the user's preference).
+    Droping capabilities to prevent rendered markdown from executing scripts.
+    If you trust the markdown content, set environment variable
+    INSTANT_MARKDOWN_ALLOW_UNSAFE_CONTENT=1
+  `)
+  let meta = document.createElement('meta');
+  meta.setAttribute('http-equiv', 'Content-Security-Policy');
+  meta.setAttribute('content', "script-src 'none';");
+  document.head.appendChild(meta);
+}
+
+function setDisconnected(isDisconnected) {
+  document.getElementById('con-error').style.display =
+    isDisconnected ? 'block' : 'none';
+}
