diff options
author | Morris Jobke <hey@morrisjobke.de> | 2017-05-20 16:53:30 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-05-20 16:53:30 -0500 |
commit | 0dae4946cfec9124a8514af18f930c1361c55e71 (patch) | |
tree | f6d1f95cd785b28d4e105ec9fca7c009a20eb4be /lib/private | |
parent | dfe944c27265c3cb1cdfb7afdacb2be9522c3873 (diff) | |
parent | fb9f13d4c13d2ea3ba70095f36e73c8915fce47f (diff) | |
download | nextcloud-server-0dae4946cfec9124a8514af18f930c1361c55e71.tar.gz nextcloud-server-0dae4946cfec9124a8514af18f930c1361c55e71.zip |
Merge pull request #4854 from michaelletzgus/deferred-script-loading-v2
Make page loading faster, deferred script loading, now switchable:
Diffstat (limited to 'lib/private')
-rw-r--r-- | lib/private/legacy/template.php | 4 | ||||
-rw-r--r-- | lib/private/legacy/template/functions.php | 37 |
2 files changed, 41 insertions, 0 deletions
diff --git a/lib/private/legacy/template.php b/lib/private/legacy/template.php index b4c69327438..4f7c11d0b64 100644 --- a/lib/private/legacy/template.php +++ b/lib/private/legacy/template.php @@ -12,6 +12,7 @@ * @author Joas Schilling <coding@schilljs.com> * @author Jörn Friedrich Dreyer <jfd@butonic.de> * @author Lukas Reschke <lukas@statuscode.ch> + * @author Michael Letzgus <develope@michael-letzgus.de> * @author Morris Jobke <hey@morrisjobke.de> * @author Raghu Nayyar <hey@raghunayyar.com> * @author Robin Appelman <robin@icewind.nl> @@ -208,6 +209,9 @@ class OC_Template extends \OC\Template\Base { $headers = ''; foreach(OC_Util::$headers as $header) { $headers .= '<'.\OCP\Util::sanitizeHTML($header['tag']); + if ( strcasecmp($header['tag'], 'script') === 0 && in_array('src', array_map('strtolower', array_keys($header['attributes']))) ) { + $headers .= ' defer'; + } foreach($header['attributes'] as $name=>$value) { $headers .= ' '.\OCP\Util::sanitizeHTML($name).'="'.\OCP\Util::sanitizeHTML($value).'"'; } diff --git a/lib/private/legacy/template/functions.php b/lib/private/legacy/template/functions.php index 7814918b815..06eb512b54f 100644 --- a/lib/private/legacy/template/functions.php +++ b/lib/private/legacy/template/functions.php @@ -7,6 +7,7 @@ * @author Joas Schilling <coding@schilljs.com> * @author Jörn Friedrich Dreyer <jfd@butonic.de> * @author Lukas Reschke <lukas@statuscode.ch> + * @author Michael Letzgus <develope@michael-letzgus.de> * @author Morris Jobke <hey@morrisjobke.de> * @author Robin McCorkell <robin@mccorkell.me.uk> * @author Roeland Jago Douma <roeland@famdouma.nl> @@ -38,6 +39,42 @@ function p($string) { } /** + * Prints a <script> tag with nonce and defer depending on config + * @param string $src the source URL, ignored when empty + * @param string $script_content the inline script content, ignored when empty + * @param bool $defer_flag deferred loading or not +*/ +function emit_script_tag($src, $script_content) { + $defer_str=' defer'; + $s='<script nonce="' . \OC::$server->getContentSecurityPolicyNonceManager()->getNonce() . '"'; + if (!empty($src)) { + // emit script tag for deferred loading from $src + $s.=$defer_str.' src="' . $src .'">'; + } else if (!empty($script_content)) { + // emit script tag for inline script from $script_content without defer (see MDN) + $s.=">\n".$script_content."\n"; + } else { + // no $src nor $src_content, really useless empty tag + $s.='>'; + } + $s.='</script>'; + print_unescaped($s."\n"); +} + +/** + * Print all <script> tags for loading JS + * @param hash $obj all the script information from template +*/ +function emit_script_loading_tags($obj) { + if (!empty($obj['inline_ocjs'])) { + emit_script_tag('', $obj['inline_ocjs']); + } + foreach($obj['jsfiles'] as $jsfile) { + emit_script_tag($jsfile, ''); + } +} + +/** * Prints an unsanitized string - usage of this function may result into XSS. * Consider using p() instead. * @param string|array $string the string which will be printed as it is |