eliminate inline <script> in file generated by doxygen

3
votes

A proposed change to the Content Security Policy (CSP) of our web server to disallow inline script is causing a problem with the documentation generated by doxygen. Specifically, the problem occurs in the generated index.html file, and the following lines:

<!-- Generated by Doxygen 1.8.15 -->
<script type="text/javascript" src="menudata.js"></script>
<script type="text/javascript" src="menu.js"></script>
<script type="text/javascript">
/* @license magnet:?xt=urn:btih:cf05388f2679ee054f2beb29a391d25f4e673ac3&amp;dn=gpl-2.0.txt GPL-v2 */
$(function() {
  initMenu('',false,false,'search.php','Search');
})
/* @license-end */</script>

If the initMenu() code is put into a separate file that is just included like other JavaScript files, everything works just fine. Is there a doxygen option to put all JavaScript into files rather that inline? We can post process the generated file to do this, but may not know when the "pattern" of this code may change due to updates in doxygen itself. And we may not know if using additional doxygen features will result in other inline JavaScript.

Any suggestions would be welcome.

Thank you

Fritz Sieker

1
doxygen

1 Answers

0
votes

First off Content Security Policy is useful but far from being an absolute authority. There are other completely useless headers such as those that block referrers based on "privacy".

Secondly there is no such thing as "text/javascript", perhaps they meant application/javascript?

If you're using good (though very non-common practices) you don't have any script elements in the body element (use defer="true" on script elements in the head). By doing that you'll better understand the structure of JavaScript and that in turn will help you become more proficient/capable/help more people/make more money/etc.

You can use document.getElementsByTagName('body')[0].getElementsByTagName('script') to find all the script elements in the body element that don't belong there.

If you do have script elements in the body element beforehand and moving them to the head element is not feasible right now you're likely going to have to work with inherent logic, in short those script elements will always be inserted in to the DOM in a specific and reasonably easily reproducible area of your code (like as the very last elements). In such a case you can find them via the following:

document.getElementsByTagName('body')[0].lastChild
document.getElementsByTagName('body')[0].lastChild.previousSibling
document.getElementsByTagName('body')[0].lastChild.previousSibling.previousSibling

Keep in mind that pressing Enter in your code to make it more readable will insert a textNode so you may want to append nodeName to those instances and look for "script":

console.log(document.getElementsByTagName('body')[0].lastChild.nodeName);

There is the DOM TreeWalker that might help you out here, subjective to the end result in your DOM. I don't know offhand if you can transverse all the elements in reverse (probably).

Once you know what you want to delete instead of making everything convoluted just send that object (or id) to the following:

function element_del(id)
{
 if (typeof id=='string' && id_(id) && id_(id).parentNode.removeChild)
 {
  id_(id).parentNode.removeChild(id_(id));
 }
 else if (typeof id=='object' && typeof id.parentNode=='object') {id.parentNode.removeChild(id);}
}

//Example:
element_del(document.getElementsByTagName('body')[0].lastChild);

I hope this helps!