summaryrefslogtreecommitdiffstats
path: root/lib/private/legacy/template/functions.php
diff options
context:
space:
mode:
Diffstat (limited to 'lib/private/legacy/template/functions.php')
-rw-r--r--lib/private/legacy/template/functions.php37
1 files changed, 37 insertions, 0 deletions
diff --git a/lib/private/legacy/template/functions.php b/lib/private/legacy/template/functions.php
index 7814918b815..06eb512b54f 100644
--- a/lib/private/legacy/template/functions.php
+++ b/lib/private/legacy/template/functions.php
@@ -7,6 +7,7 @@
* @author Joas Schilling <coding@schilljs.com>
* @author Jörn Friedrich Dreyer <jfd@butonic.de>
* @author Lukas Reschke <lukas@statuscode.ch>
+ * @author Michael Letzgus <develope@michael-letzgus.de>
* @author Morris Jobke <hey@morrisjobke.de>
* @author Robin McCorkell <robin@mccorkell.me.uk>
* @author Roeland Jago Douma <roeland@famdouma.nl>
@@ -38,6 +39,42 @@ function p($string) {
}
/**
+ * Prints a <script> tag with nonce and defer depending on config
+ * @param string $src the source URL, ignored when empty
+ * @param string $script_content the inline script content, ignored when empty
+ * @param bool $defer_flag deferred loading or not
+*/
+function emit_script_tag($src, $script_content) {
+ $defer_str=' defer';
+ $s='<script nonce="' . \OC::$server->getContentSecurityPolicyNonceManager()->getNonce() . '"';
+ if (!empty($src)) {
+ // emit script tag for deferred loading from $src
+ $s.=$defer_str.' src="' . $src .'">';
+ } else if (!empty($script_content)) {
+ // emit script tag for inline script from $script_content without defer (see MDN)
+ $s.=">\n".$script_content."\n";
+ } else {
+ // no $src nor $src_content, really useless empty tag
+ $s.='>';
+ }
+ $s.='</script>';
+ print_unescaped($s."\n");
+}
+
+/**
+ * Print all <script> tags for loading JS
+ * @param hash $obj all the script information from template
+*/
+function emit_script_loading_tags($obj) {
+ if (!empty($obj['inline_ocjs'])) {
+ emit_script_tag('', $obj['inline_ocjs']);
+ }
+ foreach($obj['jsfiles'] as $jsfile) {
+ emit_script_tag($jsfile, '');
+ }
+}
+
+/**
* Prints an unsanitized string - usage of this function may result into XSS.
* Consider using p() instead.
* @param string|array $string the string which will be printed as it is