Add nonces to script tags (#177)

Author: labkey-adam

exampleassay/resources/assay/example/views/upload.html

@@ -38,7 +38,7 @@
     </a>
 </p>
 
-<script type="text/javascript">
+<script type="text/javascript" nonce="<%=scriptNonce%>">
 
 function done()
 {

interactiveTutorial/resources/views/Lab Results.html

@@ -1,5 +1,5 @@
 <div id='divLabResults'/>
-<script type="text/javascript">
+<script type="text/javascript" nonce="<%=scriptNonce%>">
 
 // Ensure that page dependencies are loaded
 LABKEY.requiresExt3ClientAPI(function() {

interactiveTutorial/resources/views/Physical Exam.html

@@ -1,5 +1,5 @@
 <div id='divPhysicalExam'/>
-<script type="text/javascript">
+<script type="text/javascript" nonce="<%=scriptNonce%>">
 
 // Ensure that page dependencies are loaded
 LABKEY.requiresExt3ClientAPI(function() {

reactExamples/resources/views/demoWebpart.html

@@ -1,4 +1,4 @@
-<script type="application/javascript">
+<script type="text/javascript" nonce="<%=scriptNonce%>">
     +function() {
         LABKEY.App.loadApp('demoWebpart', <%=webpartContext%>.wrapperDivId);
     }();

sourdough/resources/views/_header.html

@@ -1,4 +1,4 @@
-<script>
+<script type="text/javascript" nonce="<%=scriptNonce%>">
     const elems = document.querySelectorAll("div[id^='ModuleHtmlView']");
     elems[0].style.display = "inline";
 </script>

sourdough/resources/views/login.html

@@ -6,15 +6,15 @@
         <input id="email" name="email" type="text" class="input-block" tabindex="1" autocomplete="off">
         <label for="password">Password</label>
         <div class="forgot-password-link">
-            <a href="login-resetPassword.view?">Forgot password</a>
+            <a href="login-resetPassword.view">Forgot password</a>
         </div>
         <input id="password" name="password" type="password" class="input-block" tabindex="2" autocomplete="off">
         <input tabindex="3" type="checkbox" name="remember" id="remember"  checked> Remember my email address
         <div class="termsOfUseSection" hidden>
             <div class="auth-header auth-item">Terms of Use</div>
             <div class="toucontent auth-item termsOfUseContent"></div>
             <div class="auth-item">
-                <input type="checkbox" tabindex="4" name="approvedTermsOfUse" id="approvedTermsOfUse" class="auth-item" unchecked>
+                <input type="checkbox" tabindex="4" name="approvedTermsOfUse" id="approvedTermsOfUse" class="auth-item">
                 <label for="approvedTermsOfUse">I agree to these terms</label>
             </div>
         </div>
@@ -23,7 +23,7 @@
             <input type="submit" tabindex="-1" class="loginSubmitButton"/>
             <a tabindex="5" class="labkey-button primary signin-btn"><span>Sign In</span></a>
             <span class="registrationSection" hidden>
-                <a class="labkey-button" id="registerButton" href="login-register.view?">Register</a>
+                <a class="labkey-button" id="registerButton" href="login-register.view">Register</a>
             </span>
         </div>
         <div class="signing-in-msg" hidden>
@@ -36,8 +36,10 @@
     </div>
 </form>
 
-<script type="application/javascript" nonce="<%= scriptNonce %>">
-    if (LABKEY.ActionURL.getParameter('returnUrl')) {
-        document.getElementById('registerButton').href += 'returnUrl=' + encodeURIComponent(LABKEY.ActionURL.getParameter('returnUrl'));
-    }
+<script type="text/javascript" nonce="<%=scriptNonce%>">
+    LABKEY.Utils.onReady(function() {
+        if (LABKEY.ActionURL.getParameter('returnUrl')) {
+            document.getElementById('registerButton').href += '?returnUrl=' + encodeURIComponent(LABKEY.ActionURL.getParameter('returnUrl'));
+        }
+    });
 </script>

sourdough/resources/views/styling.html

@@ -8,7 +8,7 @@
         <img class="loaf" src="https://media.tenor.com/TTTGbs0vtOEAAAAi/bread-spin.gif"  alt="bouncing bread"/>
 
         <div>
-            Click <a href="<%=contextPath%>/project<%=containerPath%>/sourdough-styling.view"> here </a> to see this panel as a full page!
+            Click <a href="<%=contextPath%><%=containerPath%>/sourdough-styling.view"> here </a> to see this panel as a full page!
         </div>
     </div>