Add nonce attribute to all JavaScript tags in snippet templates autom…

…atically

controllers/AbstractCustomContainerController.php

@@ -10,6 +10,7 @@
 use humhub\components\access\StrictAccess;
 use humhub\modules\admin\permissions\ManageModules;
 use humhub\modules\content\components\ContentContainerController;
+use humhub\modules\custom_pages\helpers\Html;
 use humhub\modules\custom_pages\models\ContainerPage;
 use humhub\modules\custom_pages\models\ContainerSnippet;
 use humhub\modules\custom_pages\models\CustomContentContainer;
@@ -116,8 +117,6 @@ public function renderTemplate($page, $editMode = null)
         $canEdit = PagePermission::canEdit();
         $editMode = ($editMode || Yii::$app->request->get('editMode')) && $canEdit;
 
-        $html = '';
-
         if(!$canEdit && TemplateCache::exists($templateInstance)) {
             $html = TemplateCache::get($templateInstance);
         } else {
@@ -126,7 +125,8 @@ public function renderTemplate($page, $editMode = null)
                 TemplateCache::set($templateInstance, $html);
             }
         }
-        return $html;
+
+        return Html::applyScriptNonce($html);
     }
 
     /**
@@ -148,4 +148,4 @@ public function isCanEdit() {
         return $this->_canEdit;
     }
 
-}
+}

docs/CHANGELOG.md

@@ -4,7 +4,7 @@ Changelog
 Unreleased
 -------------------------
 - Fix #312: Highlight the top menu entry if the current URL matches the Target Url of a "Link" custom page
-- Enh #314: Add nonce attribute to all HTML snippets automatically
+- Enh #314: Add nonce attribute to all JavaScript tags in snippet templates and HTML snippets automatically
 
 1.9.5 (November 16, 2023)
 -------------------------