Move TagHelpers to Abstractions (#3975)

* Move TagHelpers to Abstractions Makes them available for use in plugins. Also cleans up the tag helper references in the view code: As we have it in the root view imports, the individual directives in the views are superfluous. * Move CurrenciesSuggestionsTagHelper back To get rid of the Rating dependency in Abstractions.
2026-01-04 14:44:30 +01:00 · 2022-07-22 14:58:25 +02:00
parent a9a0bf01ad
commit 2e6246e385
60 changed files with 18 additions and 110 deletions
--- a/BTCPayServer.Abstractions/TagHelpers/CSPInlineScriptTagHelper.cs
+++ b/BTCPayServer.Abstractions/TagHelpers/CSPInlineScriptTagHelper.cs
@@ -0,0 +1,33 @@
+using BTCPayServer.Security;
+using Microsoft.AspNetCore.Razor.TagHelpers;
+using NBitcoin;
+
+namespace BTCPayServer.Abstractions.TagHelpers;
+
+/// <summary>
+/// Add a nonce-* so the inline-script can pass CSP rule when they are rendered server-side
+/// </summary>
+[HtmlTargetElement("script")]
+public class CSPInlineScriptTagHelper : TagHelper
+{
+    private readonly ContentSecurityPolicies _csp;
+
+    public CSPInlineScriptTagHelper(ContentSecurityPolicies csp)
+    {
+        _csp = csp;
+    }
+
+    public override void Process(TagHelperContext context, TagHelperOutput output)
+    {
+        if (output.Attributes.ContainsName("src"))
+            return;
+        if (output.Attributes.TryGetAttribute("type", out var attr))
+        {
+            if (attr.Value?.ToString() != "text/javascript")
+                return;
+        }
+        var nonce = RandomUtils.GetUInt256().ToString().Substring(0, 32);
+        output.Attributes.Add(new TagHelperAttribute("nonce", nonce));
+        _csp.Add("script-src", $"'nonce-{nonce}'");
+    }
+}