UIMacros: added n:nonce

dg · dg · commit 3e30a1ec9417 · 2017-01-19T11:34:07.000+01:00
diff --git a/src/Application/UI/Presenter.php b/src/Application/UI/Presenter.php
@@ -1365,7 +1365,7 @@ public function getContext()
 	/**
 	 * @return Nette\Http\IRequest
 	 */
-	protected function getHttpRequest()
+	public function getHttpRequest()
 	{
 		return $this->httpRequest;
 	}
@@ -1374,7 +1374,7 @@ protected function getHttpRequest()
 	/**
 	 * @return Nette\Http\IResponse
 	 */
-	protected function getHttpResponse()
+	public function getHttpResponse()
 	{
 		return $this->httpResponse;
 	}
diff --git a/src/Bridges/ApplicationLatte/TemplateFactory.php b/src/Bridges/ApplicationLatte/TemplateFactory.php
@@ -103,6 +103,8 @@ public function createTemplate(UI\Control $control = NULL)
 			$latte->addProvider('uiControl', $control);
 			$latte->addProvider('uiPresenter', $presenter);
 			$latte->addProvider('snippetBridge', new Nette\Bridges\ApplicationLatte\SnippetBridge($control));
+			$nonce = preg_match('#\s\'nonce-([\w+/]+=*)\'#', $presenter->getHttpResponse()->getHeader('Content-Security-Policy'), $m) ? $m[1] : NULL;
+			$latte->addProvider('uiNonce', $nonce);
 		}
 		$latte->addProvider('cacheStorage', $this->cacheStorage);
 
diff --git a/src/Bridges/ApplicationLatte/UIMacros.php b/src/Bridges/ApplicationLatte/UIMacros.php
@@ -21,6 +21,7 @@
  * - {link destination ...} control link
  * - {plink destination ...} presenter link
  * - {snippet ?} ... {/snippet ?} control snippet
+ * - n:once
  */
 class UIMacros extends Latte\Macros\MacroSet
 {
@@ -41,6 +42,7 @@ public static function install(Latte\Compiler $compiler)
 		$me->addMacro('ifCurrent', [$me, 'macroIfCurrent'], '}'); // deprecated; use n:class="$presenter->linkCurrent ? ..."
 		$me->addMacro('extends', [$me, 'macroExtends']);
 		$me->addMacro('layout', [$me, 'macroExtends']);
+		$me->addMacro('nonce', NULL, NULL, 'echo $this->global->uiNonce ? " nonce=\"{$this->global->uiNonce}\"" : "";');
 	}
 
 
diff --git a/tests/Bridges.Latte/TemplateFactory.nonce.phpt b/tests/Bridges.Latte/TemplateFactory.nonce.phpt
@@ -0,0 +1,36 @@
+<?php
+
+/**
+ * Test: TemplateFactory nonce
+ */
+
+use Nette\Application\UI;
+use Nette\Bridges\ApplicationLatte;
+use Tester\Assert;
+
+
+require __DIR__ . '/../bootstrap.php';
+
+
+$latte = new Latte\Engine;
+
+$latteFactory = Mockery::mock(ApplicationLatte\ILatteFactory::class);
+$latteFactory->shouldReceive('create')->andReturn($latte);
+
+$response = Mockery::mock(Nette\Http\Response::class);
+$response->shouldReceive('getHeader')->with('Content-Security-Policy')->andReturn("hello 'nonce-abcd123==' world");
+
+$presenter = Mockery::mock(UI\Presenter::class);
+$presenter->shouldReceive('getPresenter')->andReturn($presenter);
+$presenter->shouldReceive('getHttpResponse')->andReturn($response);
+$presenter->shouldIgnoreMissing();
+
+$factory = new ApplicationLatte\TemplateFactory($latteFactory);
+$factory->createTemplate($presenter);
+
+$latte->setLoader(new Latte\Loaders\StringLoader);
+
+Assert::match(
+	'<script nonce="abcd123=="></script>',
+	$latte->renderToString('<script n:nonce></script>')
+);

Original file line number	Diff line number	Diff line change
`@@ -1365,7 +1365,7 @@ public function getContext()`
`1365`	`1365`	`/**`
`1366`	`1366`	`* @return Nette\Http\IRequest`
`1367`	`1367`	`*/`
`1368`		`- protected function getHttpRequest()`
	`1368`	`+ public function getHttpRequest()`
`1369`	`1369`	`{`
`1370`	`1370`	`return $this->httpRequest;`
`1371`	`1371`	`}`
`@@ -1374,7 +1374,7 @@ protected function getHttpRequest()`
`1374`	`1374`	`/**`
`1375`	`1375`	`* @return Nette\Http\IResponse`
`1376`	`1376`	`*/`
`1377`		`- protected function getHttpResponse()`
	`1377`	`+ public function getHttpResponse()`
`1378`	`1378`	`{`
`1379`	`1379`	`return $this->httpResponse;`
`1380`	`1380`	`}`
Original file line number	Diff line number	Diff line change
`@@ -103,6 +103,8 @@ public function createTemplate(UI\Control $control = NULL)`
`103`	`103`	`$latte->addProvider('uiControl', $control);`
`104`	`104`	`$latte->addProvider('uiPresenter', $presenter);`
`105`	`105`	`$latte->addProvider('snippetBridge', new Nette\Bridges\ApplicationLatte\SnippetBridge($control));`
	`106`	`+ $nonce = preg_match('#\s\'nonce-([\w+/]+=*)\'#', $presenter->getHttpResponse()->getHeader('Content-Security-Policy'), $m) ? $m[1] : NULL;`
	`107`	`+ $latte->addProvider('uiNonce', $nonce);`
`106`	`108`	`}`
`107`	`109`	`$latte->addProvider('cacheStorage', $this->cacheStorage);`
`108`	`110`
Original file line number	Diff line number	Diff line change
`@@ -21,6 +21,7 @@`
`21`	`21`	`* - {link destination ...} control link`
`22`	`22`	`* - {plink destination ...} presenter link`
`23`	`23`	`* - {snippet ?} ... {/snippet ?} control snippet`
	`24`	`+ * - n:once`
`24`	`25`	`*/`
`25`	`26`	`class UIMacros extends Latte\Macros\MacroSet`
`26`	`27`	`{`
`@@ -41,6 +42,7 @@ public static function install(Latte\Compiler $compiler)`
`41`	`42`	`$me->addMacro('ifCurrent', [$me, 'macroIfCurrent'], '}'); // deprecated; use n:class="$presenter->linkCurrent ? ..."`
`42`	`43`	`$me->addMacro('extends', [$me, 'macroExtends']);`
`43`	`44`	`$me->addMacro('layout', [$me, 'macroExtends']);`
	`45`	`+ $me->addMacro('nonce', NULL, NULL, 'echo $this->global->uiNonce ? " nonce=\"{$this->global->uiNonce}\"" : "";');`
`44`	`46`	`}`
`45`	`47`
`46`	`48`