Skip to content

Commit

Permalink
Limit allowed script tags, allow adding stylesheet for now
Browse files Browse the repository at this point in the history
  • Loading branch information
guerler committed Aug 1, 2024
1 parent 395ce04 commit 6991665
Showing 1 changed file with 16 additions and 6 deletions.
Original file line number Diff line number Diff line change
@@ -1,19 +1,29 @@
# -*- coding: utf-8 -*-
<%inherit file="visualization_base.mako"/>

## No stylesheets
<%def name="stylesheets()"></%def>
## Add stylesheet
<%def name="stylesheets()">
<% css = script_attributes.get("css") %>
%if css is not None:
<link rel="stylesheet" href="${css}">
%endif
</%def>

## Create a container, attach data and import script file
<%def name="late_javascripts()">
<% container = script_attributes.get("container") or "app" %>
<%def name="get_body()">
## Collect incoming data
<% data_incoming = {
"visualization_id": visualization_id,
"visualization_name": visualization_name,
"visualization_plugin": visualization_plugin,
"visualization_config": config }
%>
## Create a container with default identifier `app`
<% container = script_attributes.get("container") or "app" %>
<div id="${container}" data-incoming='${h.dumps(data_incoming)}'></div>
<% tag_attrs = ' '.join([ '{0}="{1}"'.format( key, attr ) for key, attr in script_attributes.items() ]) %>
<script type="text/javascript" ${tag_attrs}></script>
## Add script tag
<% src = script_attributes.get("src") %>
<script type="text/javascript" src=${src}></script>
</%def>

0 comments on commit 6991665

Please sign in to comment.