* literal "</script>" or (for XML) literal "]]>".
*
* @param string $contents JavaScript
- * @param string $nonce Nonce for CSP header, from OutputPage::getCSPNonce()
+ * @param string|null $nonce Nonce for CSP header, from OutputPage::getCSPNonce()
* @return string Raw HTML
*/
public static function inlineScript( $contents, $nonce = null ) {
if ( $nonce !== null ) {
$attrs['nonce'] = $nonce;
} else {
- if ( ContentSecurityPolicy::isEnabled( RequestContext::getMain()->getConfig() ) ) {
+ if ( ContentSecurityPolicy::isNonceRequired( RequestContext::getMain()->getConfig() ) ) {
wfWarn( "no nonce set on script. CSP will break it" );
}
}
* "<script src=foo.js></script>".
*
* @param string $url
- * @param string $nonce Nonce for CSP header, from OutputPage::getCSPNonce()
+ * @param string|null $nonce Nonce for CSP header, from OutputPage::getCSPNonce()
* @return string Raw HTML
*/
public static function linkedScript( $url, $nonce = null ) {
if ( $nonce !== null ) {
$attrs['nonce'] = $nonce;
} else {
- if ( ContentSecurityPolicy::isEnabled( RequestContext::getMain()->getConfig() ) ) {
+ if ( ContentSecurityPolicy::isNonceRequired( RequestContext::getMain()->getConfig() ) ) {
wfWarn( "no nonce set on script. CSP will break it" );
}
}
dépôts / lhc / web / wiklou.git / blobdiff