mirror of
https://github.com/searxng/searxng
synced 2024-01-01 18:24:07 +00:00
[fix] simple theme: make autocomplete-js CSP compliant
The CSP issue is, that the `_Position` function in the autocomplete-js set the style attributes by `setAttribute("style", ...)`. Using `setAttribute` to set the style attribute invokes the HTML parser and CSP is triggered [1]. This patch overwrite the `_Position` function of autocomplete-js. BTW: remove trailing whitespace [1] https://stackoverflow.com/a/57633533 Closes: https://github.com/searxng/searxng/issues/352 Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
This commit is contained in:
parent
e4a2d354aa
commit
2b26285a73
@ -67,6 +67,12 @@
|
||||
},
|
||||
MinChars: 4,
|
||||
Delay: 300,
|
||||
_Position:function() {
|
||||
this.DOMResults.setAttribute("class", "autocomplete");
|
||||
this.DOMResults.style.top = (this.Input.offsetTop + this.Input.offsetHeight) + "px";
|
||||
this.DOMResults.style.left = this.Input.offsetLeft + "px";
|
||||
this.DOMResults.style.width = this.Input.clientWidth + "px";
|
||||
},
|
||||
}, "#" + qinput_id);
|
||||
|
||||
// hack, see : https://github.com/autocompletejs/autocomplete.js/issues/37
|
||||
|
Loading…
Reference in New Issue
Block a user