Fix CSP-blocked inline onclick handlers
All checks were successful
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 10m51s
All checks were successful
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 10m51s
- Remove onclick from API key recovery modal Copy button (templates/pages/index.html) - Event listener already exists in app.js (line 295) - Remove onclick from server-rendered API key display (src/index.ts line 207) - Remove onclick from billing success page Copy button (src/routes/billing.ts line 181) - Create public/copy-helper.js to handle all [data-copy] elements via external JS - All copy functionality now CSP-compliant (script-src 'self')
This commit is contained in:
DocFast Dev
parent
0e04fb5523
commit
4aeac959c3
5 changed files with 51 additions and 9 deletions
|
|
@ -204,10 +204,12 @@ p{color:#7a8194;margin-bottom:24px;line-height:1.6}
|
|||
<p>${message}</p>
|
||||
${apiKey ? `
|
||||
<div class="warning">⚠️ Save your API key securely. You can recover it via email if needed.</div>
|
||||
<div class="key-box" onclick="navigator.clipboard.writeText('${apiKey}');this.style.borderColor='#5eead4';setTimeout(()=>this.style.borderColor='#34d399',1500)">${apiKey}</div>
|
||||
<div class="key-box" data-copy="${apiKey}">${apiKey}</div>
|
||||
<div class="links">Upgrade to Pro for 5,000 PDFs/month · <a href="/docs">Read the docs →</a></div>
|
||||
` : `<div class="links"><a href="/">← Back to DocFast</a></div>`}
|
||||
</div></body></html>`;
|
||||
</div>
|
||||
<script src="/copy-helper.js"></script>
|
||||
</body></html>`;
|
||||
}
|
||||
|
||||
// Landing page
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue