[8.14] Identify CSP test functions (#184456) (#184499)

# Backport

This will backport the following commits from `main` to `8.14`:
- [Identify CSP test functions
(#184456)](https://github.com/elastic/kibana/pull/184456)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Larry
Gregory","email":"larry.gregory@elastic.co"},"sourceCommit":{"committedDate":"2024-05-30T10:04:55Z","message":"Identify
CSP test functions
(#184456)","sha":"3e44cca7e74e0b59f1afedcabb445b937e1bf730","branchLabelMapping":{"^v8.15.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["chore","Team:Security","release_note:skip","Feature:Security/CSP","backport:prev-minor","v8.15.0"],"title":"Identify
CSP test
functions","number":184456,"url":"https://github.com/elastic/kibana/pull/184456","mergeCommit":{"message":"Identify
CSP test functions
(#184456)","sha":"3e44cca7e74e0b59f1afedcabb445b937e1bf730"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v8.15.0","branchLabelMappingKey":"^v8.15.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/184456","number":184456,"mergeCommit":{"message":"Identify
CSP test functions
(#184456)","sha":"3e44cca7e74e0b59f1afedcabb445b937e1bf730"}}]}]
BACKPORT-->

Co-authored-by: Larry Gregory <larry.gregory@elastic.co>
Kibana Machine 2024-05-30 07:31:31 -04:00 committed by GitHub
parent f1a6cf340e
commit 5139a3ea48
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 5 additions and 2 deletions


@ -110,7 +110,8 @@ export const Template: FunctionComponent<Props> = ({
</div>
<script>
{`
{`// kbnUnsafeInlineTest do not remove this comment:
// it is used for filtering out expected CSP failures, and must be the first piece of content in this script block.
// Since this is an unsafe inline script, this code will not run
// in browsers that support content security policy(CSP). This is
// intentional as we check for the existence of __kbnCspNotEnforced__ in
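Review bot: Only the new comment keeps `kbnUnsafeInlineTest` at the very start of this inline script, and the same holds for the `kbnUnsafeEvalTest` parameter added to `allowUnsafeEval()` in the second file. A formatter or refactor that puts a newline or another statement before the marker would silently stop the expected violation from being recognised. I would state the reason in the comment (presumably the CSP report carries only a short leading sample of the script) and add a render test asserting that the script text starts with `// kbnUnsafeInlineTest`. The filter is not on this page; any inline script beginning with the same text would look identical in a report, so confirm it also matches the reporting document and directive, or unexpected violations could be dropped. The script block and the `Template` component continue outside the hunk.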


@ -61,7 +61,9 @@ export function transformLiteralToPath(node: { path: hbs.AST.PathExpression | hb
export function allowUnsafeEval() {
try {
new Function();
// Do not remove the `kbnUnsafeEvalTest` parameter.
// It is used for filtering out expected CSP failures, and must be the first piece of content in this function.
new Function('kbnUnsafeEvalTest', 'return true;');
return true;
} catch (e) {
return false;
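Review bot: The new comment says the marker must be "the first piece of content in this function", but `kbnUnsafeEvalTest` is the first parameter name of the generated function, not content of `allowUnsafeEval()` itself. The wording therefore does not tell a maintainer what must stay in place. I would reword it to `// Keep 'kbnUnsafeEvalTest' as the first argument to new Function(): it is the marker used to filter out this expected CSP violation.` The closing lines of the function are outside the hunk.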