WebClient: update pdfobject

also add csp nonce when loading javascript files

Signed-off-by: Nicola Murino <[email protected]>

templates/webclient/base.html

@@ -292,8 +292,8 @@ explicit grant from the SFTPGo Team ([email protected]).
         </div>
 
         {{- block "modals" .}}{{- end}}
-		<script src="{{.StaticURL}}/assets/plugins/global/plugins.bundle.js"></script>
-		<script src="{{.StaticURL}}/assets/js/scripts.bundle.js"></script>
+		<script {{- if .CSPNonce}} nonce="{{.CSPNonce}}"{{- end}} src="{{.StaticURL}}/assets/plugins/global/plugins.bundle.js"></script>
+		<script {{- if .CSPNonce}} nonce="{{.CSPNonce}}"{{- end}} src="{{.StaticURL}}/assets/js/scripts.bundle.js"></script>
 		{{- template "basejs" .CSPNonce }}
         <script type="text/javascript" {{- if .CSPNonce}} nonce="{{.CSPNonce}}"{{- end}}>
             var ModalAlert = function () {

templates/webclient/baselogin.html

@@ -44,8 +44,8 @@ explicit grant from the SFTPGo Team ([email protected]).
 				</div>
 			</div>
 		</div>
-		<script src="{{.StaticURL}}/assets/plugins/global/plugins.bundle.js"></script>
-		<script src="{{.StaticURL}}/assets/js/scripts.bundle.js"></script>
+		<script {{- if .CSPNonce}} nonce="{{.CSPNonce}}"{{- end}} src="{{.StaticURL}}/assets/plugins/global/plugins.bundle.js"></script>
+		<script {{- if .CSPNonce}} nonce="{{.CSPNonce}}"{{- end}} src="{{.StaticURL}}/assets/js/scripts.bundle.js"></script>
 		{{- template "basejs" .CSPNonce }}
 		<script type="text/javascript" {{- if .CSPNonce}} nonce="{{.CSPNonce}}"{{- end}}>
 			KTUtil.onDOMContentLoaded(function () {

templates/webclient/editfile.html

@@ -100,7 +100,7 @@ explicit grant from the SFTPGo Team ([email protected]).
 {{- end}}
 
 {{- define "extra_js"}}
-<script src="{{.StaticURL}}/vendor/codemirror/cm6.bundle.min.js"></script>
+<script {{- if .CSPNonce}} nonce="{{.CSPNonce}}"{{- end}} src="{{.StaticURL}}/vendor/codemirror/cm6.bundle.min.js"></script>
 <script type="text/javascript" {{- if .CSPNonce}} nonce="{{.CSPNonce}}"{{- end}}>
     var cmView;
 

templates/webclient/files.html

@@ -178,9 +178,9 @@ explicit grant from the SFTPGo Team ([email protected]).
 {{- end}}
 
 {{- define "extra_js"}}
-<script src="{{.StaticURL}}/assets/plugins/custom/datatables/datatables.bundle.js"></script>
-<script src="{{.StaticURL}}/vendor/glightbox/glightbox.min.js"></script>
-<script src="{{.StaticURL}}/vendor/pdfobject/pdfobject.min.js"></script>
+<script {{- if .CSPNonce}} nonce="{{.CSPNonce}}"{{- end}} src="{{.StaticURL}}/assets/plugins/custom/datatables/datatables.bundle.js"></script>
+<script {{- if .CSPNonce}} nonce="{{.CSPNonce}}"{{- end}} src="{{.StaticURL}}/vendor/glightbox/glightbox.min.js"></script>
+<script {{- if .CSPNonce}} nonce="{{.CSPNonce}}"{{- end}} src="{{.StaticURL}}/vendor/pdfobject/pdfobject.min.js"></script>
 <script type="text/javascript" {{- if .CSPNonce}} nonce="{{.CSPNonce}}"{{- end}}>
     //{{- if not .ShareUploadBaseURL}}
     const supportedEditExtensions = ["csv", "bat", "dyalog", "apl", "asc", "pgp", "sig", "asn", "asn1", "b", "bf",

templates/webclient/profile.html

@@ -138,7 +138,7 @@ explicit grant from the SFTPGo Team ([email protected]).
 
 {{- define "extra_js"}}
 {{- if .LoggedUser.CanManagePublicKeys}}
-<script src="{{.StaticURL}}/assets/plugins/custom/formrepeater/formrepeater.bundle.js"></script>
+<script {{- if .CSPNonce}} nonce="{{.CSPNonce}}"{{- end}} src="{{.StaticURL}}/assets/plugins/custom/formrepeater/formrepeater.bundle.js"></script>
 <script type="text/javascript" {{- if .CSPNonce}} nonce="{{.CSPNonce}}"{{- end}}>
     KTUtil.onDOMContentLoaded(function () {
         initRepeater('#public_keys');

templates/webclient/share.html

@@ -188,7 +188,7 @@ explicit grant from the SFTPGo Team ([email protected]).
 {{- end}}
 
 {{- define "extra_js"}}
-<script src="{{.StaticURL}}/assets/plugins/custom/formrepeater/formrepeater.bundle.js"></script>
+<script {{- if .CSPNonce}} nonce="{{.CSPNonce}}"{{- end}} src="{{.StaticURL}}/assets/plugins/custom/formrepeater/formrepeater.bundle.js"></script>
 <script type="text/javascript" {{- if .CSPNonce}} nonce="{{.CSPNonce}}"{{- end}}>
     KTUtil.onDOMContentLoaded(function () {
             initRepeater('#paths');

templates/webclient/shares.html

@@ -105,7 +105,7 @@ explicit grant from the SFTPGo Team ([email protected]).
 {{end}}
 
 {{define "extra_js"}}
-<script src="{{.StaticURL}}/assets/plugins/custom/datatables/datatables.bundle.js"></script>
+<script {{- if .CSPNonce}} nonce="{{.CSPNonce}}"{{- end}} src="{{.StaticURL}}/assets/plugins/custom/datatables/datatables.bundle.js"></script>
 <script type="text/javascript" {{- if .CSPNonce}} nonce="{{.CSPNonce}}"{{- end}}>
 
     function deleteAction(shareID) {

templates/webclient/viewpdf.html

@@ -26,7 +26,7 @@ explicit grant from the SFTPGo Team ([email protected]).
     </head>
 
 <body>
-    <script src="{{.StaticURL}}/vendor/pdfobject/pdfobject.min.js"></script>
+    <script {{- if .CSPNonce}} nonce="{{.CSPNonce}}"{{- end}} src="{{.StaticURL}}/vendor/pdfobject/pdfobject.min.js"></script>
     <script type="text/javascript" {{- if .CSPNonce}} nonce="{{.CSPNonce}}"{{- end}}>
         PDFObject.embed("{{.URL}}", document.body);
     </script>