ZaclysIndustries/searxngRebrandZaclys
2
0
Fork 0
forked from zaclys/searxng
Code Issues Pull requests Activity

[fix] simple theme: make autocomplete-js CSP compliant

Browse source 
The CSP issue is, that the `_Position` function in the autocomplete-js set the
style attributes by `setAttribute("style", ...)`.  Using `setAttribute` to set
the style attribute invokes the HTML parser and CSP is triggered [1].

This patch overwrite the `_Position` function of autocomplete-js.

BTW: remove trailing whitespace

[1] https://stackoverflow.com/a/57633533

Closes: https://github.com/searxng/searxng/issues/352
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
This commit is contained in:
Markus Heiser 2021-12-05 11:32:04 +01:00
parent e4a2d354aa
commit 2b26285a73
1 changed files with 7 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
searx/static/themes/simple/src/js/main/search.js
View file

@ -67,6 +67,12 @@
},
MinChars: 4,
Delay: 300,
_Position:function() {
this.DOMResults.setAttribute("class", "autocomplete");
this.DOMResults.style.top = (this.Input.offsetTop + this.Input.offsetHeight) + "px";
this.DOMResults.style.left = this.Input.offsetLeft + "px";
this.DOMResults.style.width = this.Input.clientWidth + "px";
},
}, "#" + qinput_id);
// hack, see : https://github.com/autocompletejs/autocomplete.js/issues/37