I have solved it in the "dirty" way above.
In case someone wants to know how, here's also the missing ReplaceQuickNavigatorScriptWithNonceScript which uses HtmlAgilityPack:
    using System.Collections.Generic;
    using System.Linq;
    using System.Web;
    using EPiServer.ServiceLocation;
    using HtmlAgilityPack;

    // ICspConfiguration, INonceProvider and the feature switch are not shown in this post.
    private static IHtmlString ReplaceQuickNavigatorScriptWithNonceScript(IHtmlString originalEpiServerScript)
    {
        ICspConfiguration cspConfig = ServiceLocator.Current.GetInstance<ICspConfiguration>();
        // Leave the markup untouched when nonce-based CSP is switched off.
        if (!Feature<SwitchContentSecurityOptimizations>.Is().Enabled || !cspConfig.IsCspScriptNonceEnabled)
        {
            return originalEpiServerScript;
        }

        INonceProvider nonceProvider = ServiceLocator.Current.GetInstance<INonceProvider>();
        HtmlDocument doc = new HtmlDocument();
        doc.LoadHtml(originalEpiServerScript.ToHtmlString());

        // Select script tags without a nonce that either load a file or carry inline code.
        IEnumerable<HtmlNode> relevantScriptTags = doc.DocumentNode.Descendants("script")
            .Where(script => script.Attributes["nonce"] == null &&
                (script.Attributes["src"] != null || !string.IsNullOrWhiteSpace(script.InnerText)));

        foreach (HtmlNode script in relevantScriptTags)
        {
            // The value must match the nonce sent in this response's CSP header.
            script.Attributes.Add("nonce", nonceProvider.CspScriptNonce);
        }

        return new HtmlString(doc.DocumentNode.OuterHtml);
    }
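Added example, not part of the post above or the poster's project: the method relies on a nonce provider that the thread does not show, so this sketches one way to produce a per-request nonce and send the matching header in classic ASP.NET. The names `PerRequestNonce`, `CspNonceHeaderModule`, the `Items` key and the policy string are assumptions for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Web;

// Hypothetical helper: one nonce per HTTP request, shared by header and markup.
public static class PerRequestNonce
{
    private const string ItemsKey = "CspScriptNonce"; // assumed key name

    public static string Get(HttpContext context)
    {
        var nonce = context.Items[ItemsKey] as string;
        if (nonce == null)
        {
            // 128 bits from a CSPRNG; a guessable nonce gives no protection.
            var bytes = new byte[16];
            using (var rng = RandomNumberGenerator.Create())
            {
                rng.GetBytes(bytes);
            }
            nonce = Convert.ToBase64String(bytes);
            context.Items[ItemsKey] = nonce;
        }
        return nonce;
    }
}

// Hypothetical module: sends the policy carrying the same nonce the script tags receive.
public sealed class CspNonceHeaderModule : IHttpModule
{
    public void Init(HttpApplication app)
    {
        app.BeginRequest += (sender, e) =>
        {
            HttpContext context = ((HttpApplication)sender).Context;
            string nonce = PerRequestNonce.Get(context);
            // Assumed policy; extend it with the other sources the site needs.
            context.Response.AddHeader(
                "Content-Security-Policy",
                "script-src 'self' 'nonce-" + nonce + "'");
        };
    }

    public void Dispose() { }
}
```

Because the nonce is bound to a single response, pages served from an output cache would repeat an old nonce in the markup while the header carries a new one, so cached pages need to be excluded or have the nonce substituted after caching.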
Hello guys,
I have a question regarding CSP unsafe-inline of RenderEPiServerQuickNavigator.
It renders script like this:
How can I add a nonce value to the inline script to avoid a CSP violation? The only way I see is using string replace.
Pseudo code:
Regards,
Tim