From 4238b9b3efc3a9c001b5e1cf6c1883ffd0f92800 Mon Sep 17 00:00:00 2001 From: Literallie Date: Wed, 18 Oct 2017 19:37:55 +0200 Subject: [PATCH] Fix MathJax CSP issues --- app.js | 14 +++++++------- public/js/mathjax-config-extra.js | 8 ++++++++ public/views/hackmd/foot.ejs | 4 +--- public/views/pretty.ejs | 4 +--- public/views/slide.ejs | 4 +--- 5 files changed, 18 insertions(+), 16 deletions(-) create mode 100644 public/js/mathjax-config-extra.js diff --git a/app.js b/app.js index b78f94e..8873585 100644 --- a/app.js +++ b/app.js @@ -118,22 +118,22 @@ app.use((req, res, next) => { // https://helmetjs.github.io/docs/csp/ if (config.csp.enable) { var cdnDirectives = { - scriptSrc: ["https://cdnjs.cloudflare.com"], - styleSrc: ["https://cdnjs.cloudflare.com", "https://fonts.googleapis.com"], - fontSrc: ["https://cdnjs.cloudflare.com", "https://fonts.gstatic.com"] + scriptSrc: ['https://cdnjs.cloudflare.com', 'https://cdn.mathjax.org'], + styleSrc: ['https://cdnjs.cloudflare.com', 'https://fonts.googleapis.com'], + fontSrc: ['https://cdnjs.cloudflare.com', 'https://fonts.gstatic.com'] } var directives = {} for (var propertyName in config.csp.directives) { - if(config.csp.directives.hasOwnProperty(propertyName)) { + if (config.csp.directives.hasOwnProperty(propertyName)) { var directive = config.csp.directives[propertyName] if (config.usecdn && !!cdnDirectives[propertyName]) { directive = directive.concat(cdnDirectives[propertyName]) } - directives[propertyName] = directive; + directives[propertyName] = directive } } directives.scriptSrc.push(function (req, res) { return "'nonce-" + res.locals.nonce + "'" }) - if(config.csp.upgradeInsecureRequests === 'auto') { + if (config.csp.upgradeInsecureRequests === 'auto') { directives.upgradeInsecureRequests = config.usessl === 'true' } else { directives.upgradeInsecureRequests = config.csp.upgradeInsecureRequests === 'true' 
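Review bot: The new `'https://cdn.mathjax.org'` entry in `cdnDirectives.scriptSrc` allowlists every script served from that origin, so with `config.usecdn` set the nonce pushed onto `directives.scriptSrc` a few lines below is no longer the only gate for script execution. Host-wide entries are the usual weak point of an otherwise nonce-based policy, so I would narrow it to the path the views actually load, e.g. `'https://cdn.mathjax.org/<mathjax-path>/'` (placeholder; the script tags are not visible on this page). As far as I know the MathJax project retired its own CDN in 2017 in favour of cdnjs, which is already listed, so it is worth confirming this origin is still needed. The enclosing `if (config.csp.enable)` block continues past the end of this hunk.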
@@ -142,7 +142,7 @@ if (config.csp.enable) { directives: directives })) } else { - logger.info('Content-Security-Policy is disabled. This may be a security risk.'); + logger.info('Content-Security-Policy is disabled. This may be a security risk.') } i18n.configure({ diff --git a/public/js/mathjax-config-extra.js b/public/js/mathjax-config-extra.js new file mode 100644 index 0000000..54cee79 --- /dev/null +++ b/public/js/mathjax-config-extra.js @@ -0,0 +1,8 @@ +var MathJax = { + messageStyle: 'none', + skipStartupTypeset: true, + tex2jax: { + inlineMath: [['$', '$'], ['\\(', '\\)']], + processEscapes: true + } +} diff --git a/public/views/hackmd/foot.ejs b/public/views/hackmd/foot.ejs index 6a1f3b9..8438dce 100644 --- a/public/views/hackmd/foot.ejs +++ b/public/views/hackmd/foot.ejs @@ -1,6 +1,4 @@ - + <% if(useCDN) { %> diff --git a/public/views/pretty.ejs b/public/views/pretty.ejs index 80d2505..b2988e3 100644 --- a/public/views/pretty.ejs +++ b/public/views/pretty.ejs @@ -72,9 +72,7 @@ - + <% if(useCDN) { %> diff --git a/public/views/slide.ejs b/public/views/slide.ejs index c7dd989..269ce04 100644 --- a/public/views/slide.ejs +++ b/public/views/slide.ejs @@ -89,9 +89,7 @@ - + <% if(useCDN) { %>
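Review bot: The new file public/js/mathjax-config-extra.js has no comment saying why it exists or that it is order-sensitive. It only assigns a global `MathJax` object, which takes effect only if this file is loaded before the MathJax loader itself. I would add a header such as `// MathJax startup config; kept in a static file so it is served from 'self' under the CSP. Must be included before MathJax.js.` The rationale is inferred from the commit title, and the script tags in the three view hunks are not visible on this page, so the include order in foot.ejs, pretty.ejs and slide.ejs should be confirmed there.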