From 007331eedfcf6db08ba87c3773131f17bcfc00d2 Mon Sep 17 00:00:00 2001
From: Shane Tomlinson <stomlinson@mozilla.com>
Date: Tue, 13 Dec 2011 17:59:25 +0000
Subject: [PATCH] Removing the inline script from relay.ejs, placing into
 start.js

Inline scripts break CSP.

close #676
---
 resources/static/relay/relay.js |  9 +++----
 resources/static/relay/start.js | 45 +++++++++++++++++++++++++++++++++
 resources/views/relay.ejs       | 23 ++++-------------
 scripts/compress.sh             |  2 +-
 4 files changed, 55 insertions(+), 24 deletions(-)
 create mode 100644 resources/static/relay/start.js

diff --git a/resources/static/relay/relay.js b/resources/static/relay/relay.js
index 73dd22d89..50f27a19f 100644
--- a/resources/static/relay/relay.js
+++ b/resources/static/relay/relay.js
@@ -1,5 +1,4 @@
 /*global Channel: true, errorOut: true */
-
 /* ***** BEGIN LICENSE BLOCK *****
  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  *
@@ -102,7 +101,7 @@
         );
       }
     }
-    
+
     function open() {
       var rpc = channel.build({
         window: win,
@@ -141,12 +140,12 @@
       }
       return msg;
     }
-    
+
     return {
       /**
-       * Initialize the relay. 
+       * Initialize the relay.
        * @method init
-       * @param {object} [options] - options used to override window, channel 
+       * @param {object} [options] - options used to override window, channel
        * for unit testing.
        */
       init: init,
diff --git a/resources/static/relay/start.js b/resources/static/relay/start.js
new file mode 100644
index 000000000..83b8fefc8
--- /dev/null
+++ b/resources/static/relay/start.js
@@ -0,0 +1,45 @@
+/*global Channel: true, errorOut: true */
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is Mozilla BrowserID.
+ *
+ * The Initial Developer of the Original Code is Mozilla.
+ * Portions created by the Initial Developer are Copyright (C) 2011
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+(function() {
+  var relay = BrowserID.Relay;
+  relay.init({
+    channel: Channel,
+    window: window.parent
+  });
+
+  relay.open();
+}());
diff --git a/resources/views/relay.ejs b/resources/views/relay.ejs
index 648ae21f6..629469c0d 100644
--- a/resources/views/relay.ejs
+++ b/resources/views/relay.ejs
@@ -7,26 +7,13 @@
   <body>
       Relay iframe.  Woohoo!
       <% if (production) { %>
-        <script type='text/javascript'
-          src='https://browserid.org/relay/production.js'></script>
+        <script type='text/javascript' src='https://browserid.org/relay/production.js'></script>
 
       <% } else { %>
-        <script type='text/javascript'
-          src='https://browserid.org/lib/jschannel.js'></script>
-        <script type='text/javascript'
-          src='https://browserid.org/shared/browserid.js'></script>
-        <script type='text/javascript'
-          src='https://browserid.org/relay/relay.js'></script>
+        <script type='text/javascript' src='https://browserid.org/lib/jschannel.js'></script>
+        <script type='text/javascript' src='https://browserid.org/shared/browserid.js'></script>
+        <script type='text/javascript' src='https://browserid.org/relay/relay.js'></script>
+        <script type='text/javascript' src='https://browserid.org/relay/start.js'></script>
       <% } %>
-
-      <script type="text/javascript">
-        var relay = BrowserID.Relay;
-        relay.init({
-          channel: Channel,
-          window: window.parent
-        });
-
-        relay.open();
-      </script>
 	</body>
 </html>
diff --git a/scripts/compress.sh b/scripts/compress.sh
index 77842a832..65176a333 100755
--- a/scripts/compress.sh
+++ b/scripts/compress.sh
@@ -62,7 +62,7 @@ cat ../../css/common.css popup.css m.css > production.css
 $UGLIFYCSS production.css > production.min.css
 
 cd ../../relay
-cat ../lib/jschannel.js ../shared/browserid.js relay.js > production.js
+cat ../lib/jschannel.js ../shared/browserid.js relay.js start.js > production.js
 $UGLIFY < production.js > production.min.js
 mv production.min.js production.js
 
-- 
GitLab