search

petersphilo / humhub-social_stats

This is a HumHub module that provides general statistics on overall activity, with charts of hourly and daily activity
GNU General Public License v3.0
5 stars 2 forks source link

Javascript doesn't load if ad blocker #10

Open marc-farre opened 1 year ago

marc-farre commented 1 year ago

To reproduce:

Install uBlock origin extension on Chrome. Go to the social Stats page. image

Thanks.

ArchBlood commented 1 year ago

This is more than likely due to direct script injected into the code itself with no CSP implemented;

i.e <?= Html::nonce() ?> should be implemented into the script tags; https://github.com/petersphilo/humhub-social_stats/blob/8363aa67204b89e3079ce26cdb628287591cf9a5/views/main/index.php#L307-L308

Shown in the following is how you would implement CSP into script tags;

3

Also the SDK script shouldn't be implemented in this way, probably a better way would be the following; https://github.com/GreenMeteor/adsense/blob/master/widgets/views/adframe.php#L14

The main issue would be where the SDK script needs to be injected, then following the same logic as the AdSense module, and implement the registerJsFile() method.