projects / yaffs-website / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Security update for Core, with self-updated composer
[yaffs-website] / web / core / misc / drupalSettingsLoader.es6.js
diff --git a/web/core/misc/drupalSettingsLoader.es6.js b/web/core/misc/drupalSettingsLoader.es6.js
new file mode 100644 (file)
index 0000000..2e58071
--- /dev/null
+++ b/web/core/misc/drupalSettingsLoader.es6.js
@@ -0,0 +1,22 @@
+/**
+ * @file
+ * Parse inline JSON and initialize the drupalSettings global object.
+ */
+
+(function () {
+  // Use direct child elements to harden against XSS exploits when CSP is on.
+  const settingsElement = document.querySelector('head > script[type="application/json"][data-drupal-selector="drupal-settings-json"], body > script[type="application/json"][data-drupal-selector="drupal-settings-json"]');
+
+  /**
+   * Variable generated by Drupal with all the configuration created from PHP.
+   *
+   * @global
+   *
+   * @type {object}
+   */
+  window.drupalSettings = {};
+
+  if (settingsElement !== null) {
+    window.drupalSettings = JSON.parse(settingsElement.textContent);
+  }
+}());
Unnamed repository; edit this file 'description' to name the repository.