Added comments

maudnals
2021-12-15 15:38:28 +01:00
parent e673c9c772
commit dd2b2c361f


@@ -20,17 +20,29 @@ import { StrictCsp } from 'strict-csp';
export function renderPage(vnode: VNode) { export function renderPage(vnode: VNode) {
const htmlString = '<!DOCTYPE html>' + render(vnode); const htmlString = '<!DOCTYPE html>' + render(vnode);
const htmlStringWithCsp = addCspAsMetaTag(htmlString);
const s = new StrictCsp(htmlString); return htmlStringWithCsp;
s.refactorSourcedScriptsForHashBasedCsp();
const scriptHashes = s.hashAllInlineScripts();
const strictCsp = StrictCsp.getStrictCsp(scriptHashes, false, true);
s.addMetaTag(strictCsp);
const htmlWithCspMetaTag = s.serializeDom();
return htmlWithCspMetaTag;
} }
/**
* Add to the html string a strict Content-Security-Policy (CSP), as a meta tag.
* Details at https://web.dev/strict-csp/
*/
function addCspAsMetaTag(htmlString: string) {
const s = new StrictCsp(htmlString);
// Refactor sourced scripts so that we can set a strict CSP
s.refactorSourcedScriptsForHashBasedCsp();
// Hash inline scripts from this html file, if there are any
const scriptHashes = s.hashAllInlineScripts();
// Generate a strict CSP as a string
const strictCsp = StrictCsp.getStrictCsp(scriptHashes, false, true);
// Set this CSP via a meta tag
s.addMetaTag(strictCsp);
const htmlStringWithCsp = s.serializeDom();
return htmlStringWithCsp;
}
interface OutputMap { interface OutputMap {
[path: string]: string; [path: string]: string;
} }
@@ -81,3 +93,4 @@ export const siteOrigin = (() => {
); );
return 'https://squoosh.app'; return 'https://squoosh.app';
})(); })();
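Review bot: In `addCspAsMetaTag` (first hunk), the new comments still leave the two positional booleans in `StrictCsp.getStrictCsp(scriptHashes, false, true)` unexplained, and the docstring does not say what is lost by delivering the policy through a meta tag. I would annotate the call with something like `// (hashes, enableTrustedTypes = false, enableBrowserFallbacks = true)`; these names are my reading of the strict-csp signature and should be confirmed against the installed version, since a swapped flag would silently weaken or break the policy. The docstring should also state that a `<meta>` CSP ignores `frame-ancestors`, `report-uri` and `sandbox`, and only applies to content parsed after the tag. Framing protection and violation reporting therefore still need a response header from the host. Separately, an explicit `: string` return type on the helper would pin the contract that `renderPage` now relies on.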