blob: 830698fd312554da3ccccf39ef7cbd2990b2f16c [file] [log] [blame] [raw]
doctype html
html(lang="en")
head
base(href=httpRoot)
block meta
include meta.pug
block styles
link(href=require("main.css") rel="stylesheet")
style#theme
body(class=extraBodyClass)
block content
#root
block footer
include templates.pug
block scripts
script(src=`${httpRootDir}client-options.js?hash=${optionsHash}`)
//-
The atob/base64 stuff below is to prevent any XSS attacks: now we have user content in the options (from
short links), it's possible to do XSS attacks, by leaving <script> tags in the source etc, which can be
interpreted by the browser.
script
| var extraOptions = JSON.parse(decodeURIComponent("!{encodeURIComponent(compilerExplorerOptions)}"));
| for (k in extraOptions) { window.compilerExplorerOptions[k] = extraOptions[k]; }
|
| window.httpRoot = '#{httpRoot}'; window.httpRootDir = '#{httpRootDir}';
|
| if (window.navigator.userAgent.indexOf("Trident/") > 0) {
| var s = document.createElement("script");
| s.src = "#{httpRootDir}dist/es6-shim.min.js";
| document.head.appendChild(s);
| }
script(src=require("main.js"))