Changed: DB Params

templ/examples/content-security-policy/main.go

@@ -0,0 +1,68 @@
+package main
+
+import (
+	"crypto/rand"
+	"fmt"
+	"math/big"
+	"net/http"
+	"os"
+
+	"log/slog"
+
+	"github.com/a-h/templ"
+)
+
+func main() {
+	log := slog.New(slog.NewJSONHandler(os.Stderr, nil))
+
+	// Create HTTP routes.
+	mux := http.NewServeMux()
+	mux.Handle("/", templ.Handler(template()))
+
+	// Wrap the router with CSP middleware to apply the CSP nonce to templ scripts.
+	withCSPMiddleware := NewCSPMiddleware(log, mux)
+
+	log.Info("Listening...", slog.String("addr", "127.0.0.1:7001"))
+	if err := http.ListenAndServe("127.0.0.1:7001", withCSPMiddleware); err != nil {
+		log.Error("failed to start server", slog.Any("error", err))
+	}
+}
+
+func NewCSPMiddleware(log *slog.Logger, next http.Handler) *CSPMiddleware {
+	return &CSPMiddleware{
+		Log:  log,
+		Next: next,
+		Size: 28,
+	}
+}
+
+type CSPMiddleware struct {
+	Log  *slog.Logger
+	Next http.Handler
+	Size int
+}
+
+func (m *CSPMiddleware) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	nonce, err := m.generateNonce()
+	if err != nil {
+		m.Log.Error("failed to generate nonce", slog.Any("error", err))
+		http.Error(w, "Internal server error", http.StatusInternalServerError)
+		return
+	}
+	ctx := templ.WithNonce(r.Context(), nonce)
+	w.Header().Add("Content-Security-Policy", fmt.Sprintf("script-src 'nonce-%s'", nonce))
+	m.Next.ServeHTTP(w, r.WithContext(ctx))
+}
+
+func (m *CSPMiddleware) generateNonce() (string, error) {
+	const letters = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-"
+	ret := make([]byte, m.Size)
+	for i := 0; i < m.Size; i++ {
+		num, err := rand.Int(rand.Reader, big.NewInt(int64(len(letters))))
+		if err != nil {
+			return "", err
+		}
+		ret[i] = letters[num.Int64()]
+	}
+	return string(ret), nil
+}

templ/examples/content-security-policy/templates.templ

@@ -0,0 +1,9 @@
+package main
+
+script sayHello() {
+	alert("Hello")
+}
+
+templ template() {
+	@sayHello()
+}

templ/examples/content-security-policy/templates_templ.go

@@ -0,0 +1,50 @@
+// Code generated by templ - DO NOT EDIT.
+
+// templ: version: v0.3.833
+package main
+
+//lint:file-ignore SA4006 This context is only used if a nested component is present.
+
+import "github.com/a-h/templ"
+import templruntime "github.com/a-h/templ/runtime"
+
+func sayHello() templ.ComponentScript {
+	return templ.ComponentScript{
+		Name: `__templ_sayHello_6bd3`,
+		Function: `function __templ_sayHello_6bd3(){alert("Hello")
+}`,
+		Call:       templ.SafeScript(`__templ_sayHello_6bd3`),
+		CallInline: templ.SafeScriptInline(`__templ_sayHello_6bd3`),
+	}
+}
+
+func template() templ.Component {
+	return templruntime.GeneratedTemplate(func(templ_7745c5c3_Input templruntime.GeneratedComponentInput) (templ_7745c5c3_Err error) {
+		templ_7745c5c3_W, ctx := templ_7745c5c3_Input.Writer, templ_7745c5c3_Input.Context
+		if templ_7745c5c3_CtxErr := ctx.Err(); templ_7745c5c3_CtxErr != nil {
+			return templ_7745c5c3_CtxErr
+		}
+		templ_7745c5c3_Buffer, templ_7745c5c3_IsBuffer := templruntime.GetBuffer(templ_7745c5c3_W)
+		if !templ_7745c5c3_IsBuffer {
+			defer func() {
+				templ_7745c5c3_BufErr := templruntime.ReleaseBuffer(templ_7745c5c3_Buffer)
+				if templ_7745c5c3_Err == nil {
+					templ_7745c5c3_Err = templ_7745c5c3_BufErr
+				}
+			}()
+		}
+		ctx = templ.InitializeContext(ctx)
+		templ_7745c5c3_Var1 := templ.GetChildren(ctx)
+		if templ_7745c5c3_Var1 == nil {
+			templ_7745c5c3_Var1 = templ.NopComponent
+		}
+		ctx = templ.ClearChildren(ctx)
+		templ_7745c5c3_Err = sayHello().Render(ctx, templ_7745c5c3_Buffer)
+		if templ_7745c5c3_Err != nil {
+			return templ_7745c5c3_Err
+		}
+		return nil
+	})
+}
+
+var _ = templruntime.GeneratedTemplate