From 890633547b137f045dae1abd4a0e0d6676cd65a5 Mon Sep 17 00:00:00 2001 From: Koen Punt Date: Sat, 15 Oct 2016 14:12:39 +0200 Subject: [PATCH] rewrite search_field_scale to prevent CSP errors when the Content-Security-Policy doesn't include 'unsafe-inline', setting the style attribute directly is not allowed. --- coffee/chosen.jquery.coffee | 35 +++++++++++++++++++---------------- coffee/chosen.proto.coffee | 35 ++++++++++++++++++++--------------- 2 files changed, 39 insertions(+), 31 deletions(-) diff --git a/coffee/chosen.jquery.coffee b/coffee/chosen.jquery.coffee index 5f441137790..ca120099268 100644 --- a/coffee/chosen.jquery.coffee +++ b/coffee/chosen.jquery.coffee @@ -467,29 +467,32 @@ class Chosen extends AbstractChosen @pending_backstroke = null search_field_scale: -> - if @is_multiple - h = 0 - w = 0 + return unless @is_multiple + + style_block = + position: 'absolute' + left: '-1000px' + top: '-1000px' + display: 'none' + whiteSpace: 'pre' - style_block = "position:absolute; left: -1000px; top: -1000px; display: none; white-space: pre;" - styles = ['font-size', 'font-style', 'font-weight', 'font-family', 'line-height', 'text-transform', 'letter-spacing'] + styles = ['fontSize', 'fontStyle', 'fontWeight', 'fontFamily', 'lineHeight', 'textTransform', 'letterSpacing'] - for style in styles - style_block += style + ":" + @search_field.css(style) + ";" + for style in styles + style_block[style] = @search_field.css(style) - div = $('
', { 'style' : style_block }) - div.text this.get_search_field_value() - $('body').append div + div = $('
').css(style_block) + div.text this.get_search_field_value() + $('body').append div - w = div.width() + 25 - div.remove() + width = div.width() + 25 + div.remove() - f_width = @container.outerWidth() + container_width = @container.outerWidth() - if( w > f_width - 10 ) - w = f_width - 10 + width = Math.min(container_width - 10, width) - @search_field.css({'width': w + 'px'}) + @search_field.width(width) trigger_form_field_change: (extra) -> @form_field_jq.trigger "input", extra diff --git a/coffee/chosen.proto.coffee b/coffee/chosen.proto.coffee index e9c19fac7ba..8596e52a9d9 100644 --- a/coffee/chosen.proto.coffee +++ b/coffee/chosen.proto.coffee @@ -462,28 +462,33 @@ class @Chosen extends AbstractChosen @pending_backstroke = null search_field_scale: -> - if @is_multiple - h = 0 - w = 0 + return unless @is_multiple + + style_block = + position: 'absolute' + left: '-1000px' + top: '-1000px' + display: 'none' + whiteSpace: 'pre' - style_block = "position:absolute; left: -1000px; top: -1000px; display: none; white-space: pre;" - styles = ['font-size', 'font-style', 'font-weight', 'font-family', 'line-height', 'text-transform', 'letter-spacing'] + styles = ['fontSize', 'fontStyle', 'fontWeight', 'fontFamily', 'lineHeight', 'textTransform', 'letterSpacing'] - for style in styles - style_block += style + ":" + @search_field.getStyle(style) + ";" + for style in styles + style_block[style] = @search_field.getStyle(style) - div = new Element('div', { 'style' : style_block }).update(this.get_search_field_value().escapeHTML()) - document.body.appendChild(div) + div = new Element('div').update(this.escape_html(this.get_search_field_value())) + # CSP without 'unsafe-inline' doesn't allow setting the style attribute directly + div.setStyle(style_block) + document.body.appendChild(div) - w = Element.measure(div, 'width') + 25 - div.remove() + width = div.measure('width') + 25 + div.remove() - f_width = @container.getWidth() + container_width = @container.getWidth() - if( w > f_width-10 ) - w = f_width - 10 + width = Math.min(container_width - 10, width) - @search_field.setStyle({'width': w + 'px'}) + @search_field.setStyle(width: width + 'px') trigger_form_field_change: -> triggerHtmlEvent @form_field, 'input'