openzim / openedx

Open edX (to zim) scraper
GNU General Public License v3.0

Remove inline javascript to comply with some CSP #168

Closed mossroy closed 1 year ago

mossroy commented 2 years ago

Tested with https://download.kiwix.org/zim/mooc/phzh_core-english-one_en_2021-07.zim

There are many inline scripts, which should be moved to separate JavaScript files (a CSP that does not allow inline script blocks them):

<script>
      window.MathJax = {
...
      };
</script>
<script type="text/javascript">
    // Activating Mathjax accessibility files
    // Assigns a constant configuration object to window.MathJax that switches
    // on the collapsible, autocollapse and explorer menu settings.
    // The object holds no page-specific data, so it can be served from an
    // external .js file unchanged, which is what a CSP without
    // 'unsafe-inline' requires.
    // NOTE(review): this is a plain assignment, so it replaces whatever
    // window.MathJax object an earlier script on the same page may have set.
    window.MathJax = {
        menuSettings: {
            collapsible: true,
            autocollapse: true,
            explorer: true
        }
    };
</script>
<script type="text/javascript">
        /* immediately break out of an iframe if coming from the marketing website */
        /*
         * Frame-busting guard. The IIFE receives the script's global `this` as
         * `window` and compares this window's Location object with the top
         * window's; the two differ whenever the page is displayed inside a
         * frame. In that case the top-level document is navigated to the
         * framed page's URL.
         * NOTE(review): the check does not look at who the parent is, so a
         * reader that shows the archived page inside its own iframe is
         * navigated away as well. Framing restrictions are normally expressed
         * with the CSP `frame-ancestors` directive or the X-Frame-Options
         * response header rather than with script; in an offline copy this
         * block is a candidate for removal by the scraper.
         */
        (function(window) {
          if (window.location !== window.top.location) {
            window.top.location = window.location;
          }
        })(this);
      </script>
<script>
    // Publishes the static-asset root as the global window.baseUrl and passes
    // the same value to the module loader's config() as its baseUrl.
    // The value is an absolute path ("/static/"), so it resolves against the
    // origin root of whatever serves the page.
    window.baseUrl = "/static/";
    // The loader is passed in as an argument: `require` when it is truthy,
    // otherwise RequireJS.require.
    // NOTE(review): if no `require` binding exists at all, evaluating the
    // argument throws a ReferenceError before the fallback is reached.
    (function (require) {
      require.config({
          baseUrl: window.baseUrl
      });
    }).call(this, require || RequireJS.require);
  </script>
<script type="text/javascript">
        (function (require) {
          require.config({
              paths: {
...
            }
          });
        }).call(this, require || RequireJS.require);
    </script>
<script type="text/javascript">
  // No-op analytics stub: each of the four methods returns immediately, so
  // any analytics.track / trackLink / pageview / page call made by other code
  // does nothing and sends nothing.
  // The object is constant and carries no page-specific data, so it can be
  // moved to an external .js file as it stands.
  var analytics = {
    track: function() { return; },
    trackLink: function() { return; },
    pageview: function() { return; },
    page: function() { return; }
  };
</script>
<script type="text/javascript">
  // Matomo tracking bootstrap. Commands are queued on the _paq array (reusing
  // window._paq when it already exists) and the tracker script is then
  // injected from a third-party host.
  // NOTE(review): in an offline archive this still attempts a network request
  // to that host, and the injected <script> carries no integrity attribute.
  // Under a CSP the host would need to be allowed explicitly; otherwise this
  // block is a candidate for removal by the scraper.
  var _paq = window._paq || [];
  /* tracker methods like "setCustomDimension" should be called before "trackPageView" */
  _paq.push(['trackPageView']);
  _paq.push(['enableLinkTracking']);
  (function() {
    // Protocol-relative URL: it takes the scheme of the page that includes it.
    var u="//matomo.swissmooc.ch/";
    _paq.push(['setTrackerUrl', u+'matomo.php']);
    _paq.push(['setSiteId', '4']);
    // Create a <script> element for matomo.js and insert it before the first
    // <script> element of the document.
    var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
    g.type='text/javascript'; g.async=true; g.defer=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s);
  })();
</script>
<script type="text/javascript">
    // Fast Preview was introduced in 2.5. However, it
    // causes undesirable flashing/font size changes when
    // MathJax is used for interactive preview (equation editor).
    // Setting processSectionDelay to 0 (see below) fully eliminates
    // fast preview, but to reduce confusion, we are also setting
    // the option as displayed in the context menu to false.
    // When upgrading to 2.6, check if this variable name changed.
    // NOTE(review): the processSectionDelay setting mentioned above is not
    // part of this snippet. The statement below is a plain assignment, so it
    // replaces any window.MathJax object set by an earlier script on the same
    // page. The object is constant and can be served from an external .js
    // file unchanged.
    window.MathJax = {
      menuSettings: {CHTMLpreview: false}
    };
</script>
<script type="text/javascript">
        // Loads the 'js/courseware/courseware_factory' module through the
        // module loader and calls the factory it exports, with no arguments,
        // once the module is available.
        // The loader is passed in as `require` when that is truthy, otherwise
        // RequireJS.require.
        // No page-specific value appears here, so the call can live in an
        // external .js file.
        (function (require) {
            require(['js/courseware/courseware_factory'], function (CoursewareFactory) {

    CoursewareFactory();

            });
        }).call(this, require || RequireJS.require);
    </script>
<script type="text/javascript">
    // Global course identifier. \u002D is an escaped hyphen, so the string
    // evaluates to "course-v1:PHZH+W-IB+2019_E".
    // NOTE(review): presumably this value differs per course, so unlike the
    // constant configuration objects it cannot simply be moved into one shared
    // static file; a data attribute read by an external script is one way to
    // carry it without inline script.
    var $$course_id = "course\u002Dv1:PHZH+W\u002DIB+2019_E";
  </script>
<script type="text/javascript">
  // Copies every link matched by '.main div a' into the user dropdown menu
  // for the mobile layout. Runs once the DOM is ready.
  function menuMobile(){
    var links_header = $('.main div a');
    // Constant wrapper markup; no page or user data is parsed as HTML here.
    var container_link = '<div class="mobile-nav-item dropdown-item dropdown-nav-item menu-dropdown-show"></div>';

    links_header.each(function (index) {
      // Work on a clone so that the original header link stays in place.
      var clone_element = $(this).clone();

      // A fresh wrapper is built for each link, the cloned DOM node is set as
      // its content, and the wrapper is prepended, so the last header link
      // ends up first in the dropdown.
      $('.dropdown-user-menu').prepend($(container_link).html(clone_element[0]));
    });
  }
  $(document).ready(menuMobile);
</script>
<script>
// Cookie-consent banner setup. After the window's load event it calls
// window.cookieconsent.initialise with an options object (markup templates,
// colours, texts, position) and a callback that receives the popup and adds
// keyboard handling to it.
// NOTE(review): the options contain functions, so moving this block to an
// external .js file is the straightforward way to keep it under a CSP that
// blocks inline script.
window.addEventListener("load", function(){
  window.cookieconsent.initialise({

    // Markup template for the popup window; the {{classes}} and {{children}}
    // placeholders are presumably filled in by the cookieconsent library.
    window: '<div dir="ltr" role="dialog" tabindex="-1" id="cookiepopup" aria-label="cookieconsent" class="cc-window {{classes}}"><!--googleoff: all-->{{children}}<!--googleon: all--></div>',

    palette:{
      popup: {background: "#323538", text: "#ffffff"},
      button: {background: "#005379", text: "#ffffff"},
    },
    "content": {
      "message": "This website uses cookies to ensure you get the best experience on our website. If you continue browsing this site, we understand that you accept the use of cookies.",
      "dismiss": "Got it!",
      "link": "Learn more",
    },
    theme: "classic",
    "elements": {
        "dismiss": '<a aria-label="dismiss cookie message" id="dismiss" role=button tabindex="2" class="cc-btn cc-dismiss:focus">{{dismiss}}</a>',
    },
    "position": "bottom",
    // NOTE(review): this is the string "true", not the boolean true.
    "static": "true",
    // When the status becomes 'dismiss', a GET request is sent to a
    // site-relative endpoint and its response is ignored.
    // NOTE(review): judging by its name the endpoint sets a cookie on the
    // server side; an offline archive has no such endpoint, so the request
    // presumably fails there - confirm.
    "onStatusChange": function( status, before ) {
      if( status === 'dismiss' ) {
        $.get('/cookieconsent-set-http-cookie');
      }
    }
  },
  function(popup){

    // keyCode 27 is Escape: close the popup from anywhere inside it.
    $(".cc-window").on('keydown', function(event) {
      if (event.keyCode == 27 ){
        popup.close();
      } 
    });

    // keyCode 13 is Enter and 32 is Space: treat both as a click on the
    // dismiss link, which is an <a> with role=button.
    $("#dismiss").on('keydown', function(event) {
      if (event.keyCode == 13 || event.keyCode == 32 ) {
        popup.onButtonClick(event);
      }
    });  
  });
});
</script>
<script type="text/javascript">

    // Instantiates CourseSock (not defined in this snippet) for the element
    // matching '.verification-sock'. The instance is not kept, so the
    // constructor is called for its side effects only.
    // The selector is constant, so the call can be moved to an external .js
    // file unchanged.
    new CourseSock({
        el:'.verification-sock'
    });

      </script>
<script type="text/javascript">
    // Footer language switcher, published as a global object. It stores the
    // chosen language in a cookie and then reloads the page.
    window.footerLanguageSelector = {
        // Entry point: reads the selected value from $select and passes
        // refreshPage as the completion callback. Uses `this`, so it has to be
        // called as a method of this object.
        handleSelection: function($select) {
            this.setLanguageCookie($select.value, this.refreshPage);
        },

        // Builds the cookie string by concatenation and writes it through
        // document.cookie, then calls the callback.
        // NOTE(review): `value` is inserted without encoding, so a value
        // containing ';' would be read as extra cookie attributes. Presumably
        // the value comes from a fixed list of options - verify against the
        // caller. No Secure or SameSite attribute is set.
        setLanguageCookie: function(value, callback) {
            // \u002D is an escaped hyphen: the cookie name is
            // openedx-language-preference.
            var cookie = 'openedx\u002Dlanguage\u002Dpreference=' + value + ';path=/';

                // The cookie domain is hard-coded to the original site.
                cookie += ';domain=.mooc.phzh.ch';
                // 1209600 seconds is 14 days.
                cookie += ';max-age=1209600';

            document.cookie = cookie;

            callback();
        },

        // Reloads the current page; it does not use `this`, so it can be
        // passed around as a bare callback.
        refreshPage: function() {
            window.location.reload();
        }
    };
</script>
<script type="text/javascript">

 "use strict";
 var bookmark_top = '.bookmark-button-wrapper .bookmark-button';
 var bookmark_bottom = '.sequence-bottom .bookmark-button';
 var target, config, callback, observer, target2, config2, callback2, observer2;

...

</script>
<script type="text/javascript">
// Appends an empty placeholder div to #seq_content and removes it again
// straight away, so the element's content is the same before and after.
// NOTE(review): going by the function name, this exists to make code that
// watches #seq_content for changes run once - confirm against the observer
// code.
function trigger_seq_content_change_behaviour(){
  $('#seq_content').append("<div id='dummy_div'></div>");
  $('#dummy_div').remove();
}

// Run the trigger once the window's load event has fired.
// NOTE(review): the .load() event shorthand was removed in jQuery 3.0, so
// this depends on an older jQuery being present on the page.
$(window).load(function(){
  trigger_seq_content_change_behaviour();
});
</script>

There are also some inline onclick attributes, which a CSP that disallows inline script blocks as well, such as:

<a aria-expanded="true" class="zim-button-chapter chapter zim-active" onclick="toggle_visibility_submenu(this)" role="button">
stale[bot] commented 2 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will now be reviewed manually. Thank you for your contributions.

Jaifroid commented 2 years ago

Moreover, the scripts seem to break out of our iframe, and navigate the top-level document, which then destroys the Kiwix JS reader. There was a similar case with Stackexchange ZIMs when the new Type 1 ZIM type was introduced, but @rgaudin fixed it.

stale[bot] commented 1 year ago

This issue has been automatically marked as stale because it has not had recent activity. It will now be reviewed manually. Thank you for your contributions.