Introduce CSP headers to Kalamar (start of #72)
Change-Id: I84b7ff0accab3d783ad653fae123c25fee1d92b9
diff --git a/templates/layouts/main.html.ep b/templates/layouts/main.html.ep
index fcc8bbe..f5610c2 100644
--- a/templates/layouts/main.html.ep
+++ b/templates/layouts/main.html.ep
@@ -41,13 +41,6 @@
<link rel="apple-touch-icon" href="<%= url_for '/img/apple-touch-icon.png' %>" />
<link href="<%= stash 'prefix' %>/favicon.ico" rel="shortcut icon" type="image/x-icon" />
-
-%= javascript begin
- window.KorAP = window.KorAP || {};
- % my $api = url_for('index');
- % $api =~ s!/$!!;
- KorAP.URL = '<%== $api %>';
-% end
% if ($c->app->mode eq 'development') {
<link href="<%= stash 'prefix' %>/css/kalamar-<%= $Kalamar::VERSION %>.css?v=<%= random_string %>" type="text/css" rel="stylesheet" />
@@ -61,8 +54,12 @@
</head>
% my $embedded = 0;
% $embedded = 1 if stash('embedded');
- <body class="no-js<% if ($embedded) { %> embedded<% } %>" itemscope itemtype="http://schema.org/<%= stash('schematype') || 'WebApplication' %>">
- <script>document.body.classList.remove('no-js');</script>
+ <body class="no-js<% if ($embedded) { %> embedded<% } %>"
+ % my $api = url_for('index');
+ % $api =~ s!/$!!;
+ data-korap-url="<%== $api %>"
+ itemscope
+ itemtype="http://schema.org/<%= stash('schematype') || 'WebApplication' %>">
<div id="kalamar-bg"></div>
%= include 'partial/side', embedded => $embedded
diff --git a/templates/query.html.ep b/templates/query.html.ep
index fa9980c..beda82c 100644
--- a/templates/query.html.ep
+++ b/templates/query.html.ep
@@ -1,9 +1,7 @@
% use Mojo::JSON 'encode_json';
% if (stash('api_response')) {
-%= javascript begin
% my $kq_hash = stash('api_response');
% $kq_hash->{matches} = ["..."];
- KorAP.koralQuery = <%= b(encode_json($kq_hash))->decode %>;
-% end
+<span id="koralQuery" data-koralquery="<%== b(encode_json($kq_hash))->decode->xml_escape %>"></span>
% };