remove unsafe inline script (aecc83ad) · Commits · e / infra / spot

etc/nginx/conf.d/spot.conf

+1 −1

Original line number	Diff line number	Diff line
		@@ -3,7 +3,7 @@ server {
		server_name _;

		add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
		add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; form-action 'self'; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src 'self' data:; frame-src https://www.youtube-nocookie.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com";
		add_header Content-Security-Policy "default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self'; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src 'self' data: https://*.tile.openstreetmap.org; frame-src 'self' https://yewtu.be https://www.youtube-nocookie.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com";
		add_header X-Frame-Options "SAMEORIGIN";

		root /var/www/spot;

searx/static/themes/etheme/js/math.init.js

0 → 100644

+71 −0

Original line number	Diff line number	Diff line
		window.addEventListener('load', function() {
		let q = document.getElementsByName('q')[0].value

		// Define custom units here
		math.createUnit('mph', '1 mile/hour')
		math.createUnit('kmph', '1 km/hour')
		math.createUnit('sqmt', '1 m2')
		math.createUnit('cumt', '1 m3')

		const exp = new RegExp(".*?(\\d+(?:\\.\\d+)?)\s?([^.0-9]+) (?:in\|to\|en\|dans\|nel\|pour\|para\|zu) ([^.0-9]+)", "i");
		let m = q.match(exp)
		let answer_section = null
		if (m) {
		try {
		let value = math.evaluate(m[1] + m[2] + " to " + m[3])

		if (value.toString() !== q) {

		let info = math.evaluate(1 + m[2] + " to " + m[3])
		// Round off solution to 5 decimals
		let sol = math.round(Number(value.toString().split(" ")[0]), 5)
		answer_section = `
		<div class="result conversion-value">
		<span>
		${sol} ${m[3]}
		</span>
		</div>
		<div class="result conversion-info">
		<span class="conversion">
		1 ${m[2]} = ${info}
		</span>
		</div>
		`
		}
		} catch (error) {
		// pass exception here
		// nothing to do
		}

		} else {
		try {
		let value = math.evaluate(q)
		if (value.toString() !== q) {

		if (typeof(value) === "number" \|\| typeof(value) === "object") {
		answer_section = `
		<div class="result conversion-value">
		<span>
		${q} = ${value}
		</span>
		</div>
		`
		}
		}
		} catch (error) {
		// pass exception here
		// nothing to do
		}

		}

		document.getElementById('unit_conversions').innerHTML = answer_section

		// Do not show currency when conversions is active
		if (answer_section) {
		let currency = document.getElementById('currency')
		if (currency) {
		currency.remove()
		}
		}
		})
		No newline at end of file

searx/static/themes/etheme/js/searx.js

+6 −4

Original line number	Diff line number	Diff line
		@@ -204,11 +204,13 @@ $(document).ready(function(){
		// Hide infobox toggle if shrunk size already fits all content.
		$('.infobox').each(function() {
		var infobox_body = $(this).find('.infobox_body');
		if (infobox_body.length) {
		var total_height = infobox_body.prop('scrollHeight') + infobox_body.find('img.infobox_part').height();
		var max_height = infobox_body.css('max-height').replace('px', '');
		if (total_height <= max_height) {
		$(this).find('.infobox_toggle').hide();
		}
		}
		});
		});
		;/**

searx/static/themes/etheme/js/searx.min.js

+0 −0

File changed.

Preview suppressed by a .gitattributes entry or the file's encoding is unsupported.

View original file

View changed file

searx/templates/etheme/results.html

+1 −73

Original line number	Diff line number	Diff line
		@@ -148,78 +148,6 @@


		</div>

		<script>
		let q = {{ q \| tojson }}

		// Define custom units here
		math.createUnit('mph', '1 mile/hour')
		math.createUnit('kmph', '1 km/hour')
		math.createUnit('sqmt', '1 m2')
		math.createUnit('cumt', '1 m3')

		const exp = new RegExp(".*?(\\d+(?:\\.\\d+)?)\s?([^.0-9]+) (?:in\|to\|en\|dans\|nel\|pour\|para\|zu) ([^.0-9]+)", "i");
		let m = q.match(exp)
		let answer_section = null
		if (m) {
		try {
		let value = math.evaluate(m[1] + m[2] + " to " + m[3])

		if (value.toString() !== q) {

		let info = math.evaluate(1 + m[2] + " to " + m[3])
		// Round off solution to 5 decimals
		let sol = math.round(Number(value.toString().split(" ")[0]), 5)
		answer_section = `
		<div class="result conversion-value">
		<span>
		${sol} ${m[3]}
		</span>
		</div>
		<div class="result conversion-info">
		<span class="conversion">
		1 ${m[2]} = ${info}
		</span>
		</div>
		`
		}
		} catch (error) {
		// pass exception here
		// nothing to do
		}

		} else {
		try {
		let value = math.evaluate(q)
		if (value.toString() !== q) {

		if (typeof(value) === "number" \|\| typeof(value) === "object") {
		answer_section = `
		<div class="result conversion-value">
		<span>
		${q} = ${value}
		</span>
		</div>
		`
		}
		}
		} catch (error) {
		// pass exception here
		// nothing to do
		}

		}

		document.getElementById('unit_conversions').innerHTML = answer_section

		// Do not show currency when conversions is active
		if (answer_section) {
		let currency = document.getElementById('currency')
		if (currency) {
		currency.remove()
		}
		}

		</script>
		<script src="{{ url_for('static', filename='js/math.init.js', v=version[0]) }}"></script>

		{% endblock %}