From 31e98e4cf77518169df168c63766fc62444c40eb Mon Sep 17 00:00:00 2001 From: Nivesh Krishna Date: Tue, 15 Nov 2022 00:30:36 +0530 Subject: [PATCH 1/3] remove unsafe inline script --- etc/nginx/conf.d/spot.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc/nginx/conf.d/spot.conf b/etc/nginx/conf.d/spot.conf index f60600960..3026429c3 100644 --- a/etc/nginx/conf.d/spot.conf +++ b/etc/nginx/conf.d/spot.conf @@ -3,7 +3,7 @@ server { server_name _; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"; - add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; form-action 'self'; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src 'self' data:; frame-src https://www.youtube-nocookie.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com"; + add_header Content-Security-Policy "default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self'; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src 'self' data: https://*.tile.openstreetmap.org; frame-src 'self' https://yewtu.be https://www.youtube-nocookie.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com"; add_header X-Frame-Options "SAMEORIGIN"; root /var/www/spot; -- GitLab From ff387f82a96745d7f3ee7c7937934ed41b585ee5 Mon Sep 17 00:00:00 2001 
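Review bot: The tightened `Content-Security-Policy` line is only sent on the status codes `add_header` covers by default, so error responses generated by nginx (4xx/5xx) leave without it; append `always` to the directive, i.e. `add_header Content-Security-Policy "…" always;`. The rest of the `server` block lies outside the hunk, so it is also worth checking that no `location` further down declares its own `add_header`, because such a block does not inherit this one. With `default-src 'none'`, every fetch type that is not listed (for example `media-src` and `manifest-src`) is now blocked, and `style-src` still carries `'unsafe-inline'`. A short comment above the directive that explains each third-party origin would help the next reviewer.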
From: Nivesh Krishna Date: Tue, 15 Nov 2022 12:36:31 +0530 Subject: [PATCH 2/3] move script out of html --- searx/static/themes/etheme/js/math.init.js | 71 +++++++++++++++++++++ searx/static/themes/etheme/js/searx.js | 10 +-- searx/templates/etheme/results.html | 74 +--------------------- 3 files changed, 78 insertions(+), 77 deletions(-) create mode 100644 searx/static/themes/etheme/js/math.init.js diff --git a/searx/static/themes/etheme/js/math.init.js b/searx/static/themes/etheme/js/math.init.js new file mode 100644 index 000000000..4088f00c3 --- /dev/null +++ b/searx/static/themes/etheme/js/math.init.js @@ -0,0 +1,71 @@ +window.addEventListener('load', function() { + let q = document.getElementsByName('q')[0].value + + // Define custom units here + math.createUnit('mph', '1 mile/hour') + math.createUnit('kmph', '1 km/hour') + math.createUnit('sqmt', '1 m2') + math.createUnit('cumt', '1 m3') + + const exp = new RegExp(".*?(\\d+(?:\\.\\d+)?)\s?([^.0-9]+) (?:in|to|en|dans|nel|pour|para|zu) ([^.0-9]+)", "i"); + let m = q.match(exp) + let answer_section = null + if (m) { + try { + let value = math.evaluate(m[1] + m[2] + " to " + m[3]) + + if (value.toString() !== q) { + + let info = math.evaluate(1 + m[2] + " to " + m[3]) + // Round off solution to 5 decimals + let sol = math.round(Number(value.toString().split(" ")[0]), 5) + answer_section = ` +
+ + ${sol} ${m[3]} + +
+
+ + 1 ${m[2]} = ${info} + +
+ ` + } + } catch (error) { + // pass exception here + // nothing to do + } + + } else { + try { + let value = math.evaluate(q) + if (value.toString() !== q) { + + if (typeof(value) === "number" || typeof(value) === "object") { + answer_section = ` +
+ + ${q} = ${value} + +
+ ` + } + } + } catch (error) { + // pass exception here + // nothing to do + } + + } + + document.getElementById('unit_conversions').innerHTML = answer_section + + // Do not show currency when conversions is active + if (answer_section) { + let currency = document.getElementById('currency') + if (currency) { + currency.remove() + } + } +}) \ No newline at end of file diff --git a/searx/static/themes/etheme/js/searx.js b/searx/static/themes/etheme/js/searx.js index 72519d140..5be268e31 100644 --- a/searx/static/themes/etheme/js/searx.js +++ b/searx/static/themes/etheme/js/searx.js @@ -204,10 +204,12 @@ $(document).ready(function(){ // Hide infobox toggle if shrunk size already fits all content. $('.infobox').each(function() { var infobox_body = $(this).find('.infobox_body'); - var total_height = infobox_body.prop('scrollHeight') + infobox_body.find('img.infobox_part').height(); - var max_height = infobox_body.css('max-height').replace('px', ''); - if (total_height <= max_height) { - $(this).find('.infobox_toggle').hide(); + if (infobox_body.length) { + var total_height = infobox_body.prop('scrollHeight') + infobox_body.find('img.infobox_part').height(); + var max_height = infobox_body.css('max-height').replace('px', ''); + if (total_height <= max_height) { + $(this).find('.infobox_toggle').hide(); + } } }); }); diff --git a/searx/templates/etheme/results.html b/searx/templates/etheme/results.html index 10a0fa6da..a0105fd98 100644 --- a/searx/templates/etheme/results.html +++ b/searx/templates/etheme/results.html @@ -148,78 +148,6 @@ - - + {% endblock %} -- GitLab From 4264117c08f2d91b47d6d8cb73545a158a97f9e8 Mon Sep 17 00:00:00 2001 From: Nivesh Krishna Date: Tue, 15 Nov 2022 13:20:37 +0530 Subject: [PATCH 3/3] update .min file --- searx/static/themes/etheme/js/searx.min.js | Bin 5695 -> 5709 bytes 1 file changed, 0 insertions(+), 0 deletions(-) 
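Review bot: User-controlled query text reaches `innerHTML` unescaped in the new `math.init.js`: `q`, `m[2]` and `m[3]` are taken from the `q` input, which a search link can prefill, and are interpolated into `answer_section` before `document.getElementById('unit_conversions').innerHTML = answer_section`. The `script-src 'self'` policy from patch 1 stops inline handlers from running, but injected markup and inline styles can still alter the page, so escape at the sink rather than relying on the header. For example, add `const esc = (s) => { const d = document.createElement('div'); d.textContent = String(s); return d.innerHTML }` and interpolate `esc(q)`, `esc(m[2])`, `esc(m[3])`, `esc(info)` and `esc(value)`, or build the nodes with `textContent`. Separately, `\s?` inside the double-quoted `RegExp` string is read as a literal `s` and should be `\\s?`, like the neighbouring `\\d`. `getElementsByName('q')[0]` and `getElementById('unit_conversions')` will also throw on any page that loads the script without those elements.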
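Review bot: The new `infobox_body.length` guard in `searx.js` covers a missing body but not a missing image. When no `img.infobox_part` matches, `.height()` does not return a number (`undefined` on current jQuery; the version used here is not visible), so `total_height` becomes `NaN` and the `<=` test never hides the toggle. Consider `var img_height = infobox_body.find('img.infobox_part').height() || 0;` together with `var max_height = parseFloat(infobox_body.css('max-height'));`, which also makes the comparison numeric rather than number-versus-string. The enclosing `$(document).ready` callback starts outside the hunk.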
diff --git a/searx/static/themes/etheme/js/searx.min.js b/searx/static/themes/etheme/js/searx.min.js index 3c661b9912fea75fe520ffcbdb9a4b575bbafc2d..46797642a4f4a8edc52dbc30cf28bf546f64b5a7 100644 GIT binary patch delta 37 tcmdn5b5>_VKNoLinnt2tPHJ9yNrq