X-Git-Url: http://www.aleph1.co.uk/gitweb/?p=yaffs-website;a=blobdiff_plain;f=web%2Fcore%2Fmisc%2FdrupalSettingsLoader.es6.js;fp=web%2Fcore%2Fmisc%2FdrupalSettingsLoader.es6.js;h=2e58071f3138093e9e8d1e73e0095bd52ee61c82;hp=0000000000000000000000000000000000000000;hb=9917807b03b64faf00f6a1f29dcb6eafc454efa5;hpb=aea91e65e895364e460983b890e295aa5d5540a5

diff --git a/web/core/misc/drupalSettingsLoader.es6.js b/web/core/misc/drupalSettingsLoader.es6.js
new file mode 100644
index 000000000..2e58071f3
--- /dev/null
+++ b/web/core/misc/drupalSettingsLoader.es6.js
@@ -0,0 +1,22 @@
+/**
+ * @file
+ * Parse inline JSON and initialize the drupalSettings global object.
+ */
+
+(function () {
+  // Use direct child elements to harden against XSS exploits when CSP is on.
+  const settingsElement = document.querySelector('head > script[type="application/json"][data-drupal-selector="drupal-settings-json"], body > script[type="application/json"][data-drupal-selector="drupal-settings-json"]');
+
+  /**
+   * Variable generated by Drupal with all the configuration created from PHP.
+   *
+   * @global
+   *
+   * @type {object}
+   */
+  window.drupalSettings = {};
+
+  if (settingsElement !== null) {
+    window.drupalSettings = JSON.parse(settingsElement.textContent);
+  }
+}());