fulldecent/freescout-sidebar-webhook

Easy way to allow scripts execution?

Open

#14 建立於 2025年1月27日

在 GitHub 查看
 (4 留言) (1 反應) (0 負責人)PHP (16 fork)github user discovery
help wanted

倉庫指標

Star
 (32 star)
PR 合併指標
 (PR 指標待抓取)

描述

Hi there, in my company we have a widget (provided by a WordPress plugin) that we use both with freescout and helpscout. Its html contains some scripts that we'd like to be executed on freescout. Due to the freescout restrictions that's not possible unless the correct nonce attribute is added to the script elements. So my idea was to replace this line:

https://github.com/fulldecent/freescout-sidebar-webhook/blob/739c02ff29d261a122114d63864d77a0d124f6d9/Public/js/module.js#L15

with this code:

                const cspString = $('meta[http-equiv="Content-Security-Policy"]').attr('content');
                const nonce = cspString.match(/nonce-([^']+)/)[1];


                $('#swh-content').html(response.html.replace(/{{nonce}}/g, `nonce="${nonce}"`));

with the webhook server responding with an html like:

[...]
        <script type="module" {{nonce}}>
            <?php echo file_get_contents($js_file); ?>
        </script>
[...]

what do you think? do you have a better way to do that? And/Or, are you interested into implementing it in your module?

Thank you so much!

貢獻者指南