rewrite search_field_scale to prevent CSP errors

when the Content-Security-Policy doesn't include 'unsafe-inline', setting the style attribute directly is not allowed.
harvesthq · Oct 15, 2016 · 8906335 · 8906335
1 parent 34fce46
commit 8906335
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 31 deletions.
diff --git a/coffee/chosen.jquery.coffee b/coffee/chosen.jquery.coffee
@@ -467,29 +467,32 @@ class Chosen extends AbstractChosen
     @pending_backstroke = null
 
   search_field_scale: ->
-    if @is_multiple
-      h = 0
-      w = 0
+    return unless @is_multiple
+
+    style_block =
+      position: 'absolute'
+      left: '-1000px'
+      top: '-1000px'
+      display: 'none'
+      whiteSpace: 'pre'
 
-      style_block = "position:absolute; left: -1000px; top: -1000px; display: none; white-space: pre;"
-      styles = ['font-size', 'font-style', 'font-weight', 'font-family', 'line-height', 'text-transform', 'letter-spacing']
+    styles = ['fontSize', 'fontStyle', 'fontWeight', 'fontFamily', 'lineHeight', 'textTransform', 'letterSpacing']
 
-      for style in styles
-        style_block += style + ":" + @search_field.css(style) + ";"
+    for style in styles
+      style_block[style] = @search_field.css(style)
 
-      div = $('<div />', { 'style' : style_block })
-      div.text this.get_search_field_value()
-      $('body').append div
+    div = $('<div />').css(style_block)
+    div.text this.get_search_field_value()
+    $('body').append div
 
-      w = div.width() + 25
-      div.remove()
+    width = div.width() + 25
+    div.remove()
 
-      f_width = @container.outerWidth()
+    container_width = @container.outerWidth()
 
-      if( w > f_width - 10 )
-        w = f_width - 10
+    width = Math.min(container_width - 10, width)
 
-      @search_field.css({'width': w + 'px'})
+    @search_field.width(width)
 
   trigger_form_field_change: (extra) ->
     @form_field_jq.trigger "input", extra

diff --git a/coffee/chosen.proto.coffee b/coffee/chosen.proto.coffee
@@ -462,28 +462,33 @@ class @Chosen extends AbstractChosen
     @pending_backstroke = null
 
   search_field_scale: ->
-    if @is_multiple
-      h = 0
-      w = 0
+    return unless @is_multiple
+
+    style_block =
+      position: 'absolute'
+      left: '-1000px'
+      top: '-1000px'
+      display: 'none'
+      whiteSpace: 'pre'
 
-      style_block = "position:absolute; left: -1000px; top: -1000px; display: none; white-space: pre;"
-      styles = ['font-size', 'font-style', 'font-weight', 'font-family', 'line-height', 'text-transform', 'letter-spacing']
+    styles = ['fontSize', 'fontStyle', 'fontWeight', 'fontFamily', 'lineHeight', 'textTransform', 'letterSpacing']
 
-      for style in styles
-        style_block += style + ":" + @search_field.getStyle(style) + ";"
+    for style in styles
+      style_block[style] = @search_field.getStyle(style)
 
-      div = new Element('div', { 'style' : style_block }).update(this.get_search_field_value().escapeHTML())
-      document.body.appendChild(div)
+    div = new Element('div').update(this.escape_html(this.get_search_field_value()))
+    # CSP without 'unsafe-inline' doesn't allow setting the style attribute directly
+    div.setStyle(style_block)
+    document.body.appendChild(div)
 
-      w = Element.measure(div, 'width') + 25
-      div.remove()
+    width = div.measure('width') + 25
+    div.remove()
 
-      f_width = @container.getWidth()
+    container_width = @container.getWidth()
 
-      if( w > f_width-10 )
-        w = f_width - 10
+    width = Math.min(container_width - 10, width)
 
-      @search_field.setStyle({'width': w + 'px'})
+    @search_field.setStyle(width: width + 'px')
 
   trigger_form_field_change:  ->
     triggerHtmlEvent @form_field, 'input'