diff options
Diffstat (limited to 'actionview/lib/action_view/helpers/javascript_helper.rb')
| -rw-r--r-- | actionview/lib/action_view/helpers/javascript_helper.rb | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/actionview/lib/action_view/helpers/javascript_helper.rb b/actionview/lib/action_view/helpers/javascript_helper.rb index cce7c1dcfd..830088bea3 100644 --- a/actionview/lib/action_view/helpers/javascript_helper.rb +++ b/actionview/lib/action_view/helpers/javascript_helper.rb @@ -1,9 +1,9 @@ # frozen_string_literal: true -require_relative "tag_helper" +require "action_view/helpers/tag_helper" module ActionView - module Helpers + module Helpers #:nodoc: module JavaScriptHelper JS_ESCAPE_MAP = { '\\' => '\\\\', @@ -63,6 +63,13 @@ module ActionView # <%= javascript_tag defer: 'defer' do -%> # alert('All is good') # <% end -%> + # + # If you have a content security policy enabled then you can add an automatic + # nonce value by passing <tt>nonce: true</tt> as part of +html_options+. Example: + # + # <%= javascript_tag nonce: true do -%> + # alert('All is good') + # <% end -%> def javascript_tag(content_or_options_with_block = nil, html_options = {}, &block) content = if block_given? @@ -72,6 +79,10 @@ module ActionView content_or_options_with_block end + if html_options[:nonce] == true + html_options[:nonce] = content_security_policy_nonce + end + content_tag("script".freeze, javascript_cdata_section(content), html_options) end |