Skip to content

Commit

Permalink
Fix #2423: Add CSP NONCE to inline style elements if found (#2442)
Browse files Browse the repository at this point in the history
  • Loading branch information
melloware authored Nov 18, 2021
1 parent b83a9ca commit bbb8795
Show file tree
Hide file tree
Showing 6 changed files with 23 additions and 12 deletions.
3 changes: 1 addition & 2 deletions src/components/carousel/Carousel.js
Original file line number Diff line number Diff line change
Expand Up @@ -371,8 +371,7 @@ export class Carousel extends Component {

createStyle() {
if (!this.carouselStyle) {
this.carouselStyle = document.createElement('style');
document.body.appendChild(this.carouselStyle);
this.carouselStyle = DomHandler.createInlineStyle();
}

let innerHTML = `
Expand Down
6 changes: 2 additions & 4 deletions src/components/datatable/DataTable.js
Original file line number Diff line number Diff line change
Expand Up @@ -951,14 +951,12 @@ export class DataTable extends Component {
}

createStyleElement() {
this.styleElement = document.createElement('style');
document.head.appendChild(this.styleElement);
this.styleElement = DomHandler.createInlineStyle();
}

createResponsiveStyle() {
if (!this.responsiveStyleElement) {
this.responsiveStyleElement = document.createElement('style');
document.head.appendChild(this.responsiveStyleElement);
this.responsiveStyleElement = DomHandler.createInlineStyle();

let innerHTML = `
@media screen and (max-width: ${this.props.breakpoint}) {
Expand Down
3 changes: 1 addition & 2 deletions src/components/dialog/Dialog.js
Original file line number Diff line number Diff line change
Expand Up @@ -492,8 +492,7 @@ export class Dialog extends Component {

createStyle() {
if (!this.styleElement) {
this.styleElement = document.createElement('style');
document.head.appendChild(this.styleElement);
this.styleElement = DomHandler.createInlineStyle();

let innerHTML = '';
for (let breakpoint in this.props.breakpoints) {
Expand Down
3 changes: 1 addition & 2 deletions src/components/galleria/GalleriaThumbnails.js
Original file line number Diff line number Diff line change
Expand Up @@ -244,8 +244,7 @@ export class GalleriaThumbnails extends Component {

createStyle() {
if (!this.thumbnailsStyle) {
this.thumbnailsStyle = document.createElement('style');
document.body.appendChild(this.thumbnailsStyle);
this.thumbnailsStyle = DomHandler.createInlineStyle();
}

let innerHTML = `
Expand Down
3 changes: 1 addition & 2 deletions src/components/overlaypanel/OverlayPanel.js
Original file line number Diff line number Diff line change
Expand Up @@ -230,8 +230,7 @@ export class OverlayPanel extends Component {

createStyle() {
if (!this.styleElement) {
this.styleElement = document.createElement('style');
document.head.appendChild(this.styleElement);
this.styleElement = DomHandler.createInlineStyle();

let innerHTML = '';
for (let breakpoint in this.props.breakpoints) {
Expand Down
17 changes: 17 additions & 0 deletions src/components/utils/DomHandler.js
Original file line number Diff line number Diff line change
Expand Up @@ -864,4 +864,21 @@ export default class DomHandler {
}
}
}

/**
* Anytime an inline style is created check environment variable 'process.env.REACT_APP_CSS_NONCE'
* to set a CSP NONCE.
*
* @see https://github.com/primefaces/primereact/issues/2423
* @return HtmlStyleElement
*/
static createInlineStyle() {
let styleElement = document.createElement('style');
let nonce = process.env.REACT_APP_CSS_NONCE;
if (nonce) {
styleElement.setAttribute('nonce', nonce);
}
document.head.appendChild(styleElement);
return styleElement;
}
}

0 comments on commit bbb8795

Please sign in to comment.