ots/frontend/index.html
Knut Ahlers d1aa675544
Mitigate possible XSS through unsafe-inline script CSP
Signed-off-by: Knut Ahlers <knut@ahlers.me>
2023-06-17 15:07:30 +02:00

66 lines
1.8 KiB
HTML

<!doctype html>
<html lang="en">
<head>
<!-- Required meta tags -->
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
{{ range (list "webfonts/fa-solid-900.woff2" "webfonts/fa-brands-400.woff2" "lato-v20-latin-ext_latin-regular.woff2" "lato-v20-latin-ext_latin-700.woff2") }}
<link
as="font"
crossorigin="anonymous"
href="{{ . }}"
integrity="{{ assetSRI . }}"
rel="preload"
>
{{ end }}
<link
crossorigin="anonymous"
href="app.css"
integrity="{{ assetSRI `app.css` }}"
rel="stylesheet"
>
<link
crossorigin="anonymous"
href="css/all.min.css"
integrity="{{ assetSRI `css/all.min.css` }}"
rel="stylesheet"
>
<title>OTS - One Time Secrets</title>
<script nonce="{{ .InlineContentNonce }}">
window.getTheme = () => localStorage.getItem('set-color-scheme') || (window.matchMedia('(prefers-color-scheme: light)').matches ? 'light' : 'dark')
window.refreshTheme = () => {
document.querySelector('html').setAttribute('mode', window.getTheme())
}
window.setTheme = (theme) => {
localStorage.setItem('set-color-scheme', theme)
window.refreshTheme()
}
// Very early load of theme definition to avoid flickering
document.addEventListener('DOMContentLoaded', () => window.refreshTheme())
// Template variable from Golang process
const version = "{{ .Version }}"
window.OTSCustomize = JSON.parse('{{ .Customize.ToJSON }}')
</script>
</head>
<body>
<div id="app"></div>
<script
crossorigin="anonymous"
integrity="{{ assetSRI `app.js` }}"
src="app.js"
></script>
</body>
</html>