Added Content-Security-Policy to ensure that external scripts cannot be loaded.

Moved inline scripts to their own files. Moved all front-end scripts to /assets/js/scripts.
2018-04-25 17:06:10 -04:00
parent 8d5cd2b00b
commit 4d26298b98
7 changed files with 246 additions and 234 deletions
--- a/app/app.ejs
+++ b/app/app.ejs
@@ -1,9 +1,9 @@
 <html lang="en" xmlns="http://www.w3.org/1999/xhtml">
 <head>
-    <meta charset="utf-8" />
+    <meta charset="utf-8" http-equiv="Content-Security-Policy" content="script-src 'self'"/>
    <title>Westeroscraft Launcher</title>
-    <script src="./assets/js/uicore.js"></script>
-    <script src="./assets/js/actionbinder.js"></script>
+    <script src="./assets/js/scripts/uicore.js"></script>
+    <script src="./assets/js/scripts/actionbinder.js"></script>
    <link type="text/css" rel="stylesheet" href="./assets/css/launcher.css">
    <style>
        body {