Fix CSP-blocked inline onclick handlers
All checks were successful
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 10m51s
All checks were successful
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 10m51s
- Remove onclick from API key recovery modal Copy button (templates/pages/index.html) - Event listener already exists in app.js (line 295) - Remove onclick from server-rendered API key display (src/index.ts line 207) - Remove onclick from billing success page Copy button (src/routes/billing.ts line 181) - Create public/copy-helper.js to handle all [data-copy] elements via external JS - All copy functionality now CSP-compliant (script-src 'self')
This commit is contained in:
DocFast Dev
parent
0e04fb5523
commit
4aeac959c3
5 changed files with 51 additions and 9 deletions
|
|
@ -204,10 +204,12 @@ p{color:#7a8194;margin-bottom:24px;line-height:1.6}
|
|||
<p>${message}</p>
|
||||
${apiKey ? `
|
||||
<div class="warning">⚠️ Save your API key securely. You can recover it via email if needed.</div>
|
||||
<div class="key-box" onclick="navigator.clipboard.writeText('${apiKey}');this.style.borderColor='#5eead4';setTimeout(()=>this.style.borderColor='#34d399',1500)">${apiKey}</div>
|
||||
<div class="key-box" data-copy="${apiKey}">${apiKey}</div>
|
||||
<div class="links">Upgrade to Pro for 5,000 PDFs/month · <a href="/docs">Read the docs →</a></div>
|
||||
` : `<div class="links"><a href="/">← Back to DocFast</a></div>`}
|
||||
</div></body></html>`;
|
||||
</div>
|
||||
<script src="/copy-helper.js"></script>
|
||||
</body></html>`;
|
||||
}
|
||||
|
||||
// Landing page
|
||||
|
|
|
|||
|
|
@ -178,11 +178,13 @@ a { color: #4f9; }
|
|||
<div class="card">
|
||||
<h1>🎉 Welcome to Pro!</h1>
|
||||
<p>Your API key:</p>
|
||||
<div class="key" style="position:relative" data-key="${escapeHtml(keyInfo.key)}">${escapeHtml(keyInfo.key)}<button onclick="navigator.clipboard.writeText(this.parentElement.dataset.key);this.textContent='Copied!';setTimeout(()=>this.textContent='Copy',1500)" style="position:absolute;top:8px;right:8px;background:#4f9;color:#0a0a0a;border:none;border-radius:4px;padding:4px 12px;cursor:pointer;font-size:0.8rem;font-family:system-ui">Copy</button></div>
|
||||
<div class="key" style="position:relative">${escapeHtml(keyInfo.key)}<button data-copy="${escapeHtml(keyInfo.key)}" style="position:absolute;top:8px;right:8px;background:#4f9;color:#0a0a0a;border:none;border-radius:4px;padding:4px 12px;cursor:pointer;font-size:0.8rem;font-family:system-ui">Copy</button></div>
|
||||
<p><strong>Save this key!</strong> It won't be shown again.</p>
|
||||
<p>5,000 PDFs/month • All endpoints • Priority support</p>
|
||||
<p><a href="/docs">View API docs →</a></p>
|
||||
</div></body></html>`);
|
||||
</div>
|
||||
<script src="/copy-helper.js"></script>
|
||||
</body></html>`);
|
||||
} catch (err: any) {
|
||||
logger.error({ err }, "Success page error");
|
||||
res.status(500).json({ error: "Failed to retrieve session" });
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue