Page MenuHomeSealhub
Create Task
Maniphest T3050

Stimulus controller to attach custom signed inline code
Open, NormalPublic3 Points
Actions

Description

Create a Stimulus controller that allows attaching custom code like so:

<div data-controller="signed-inline" signed-onclick="/* SIGNATURE=SHA-256:68b329da9893e34099c7d8ad5cb9c940 */ alert('hello')">
</div>

The signature is generated server-side with RSA/SHA-256. The stimulus controller should first validate the code, and if it's properly signed, attach the event handler (onclick in this example case) with the code wrapped in eval.

Checking the signature requires knowledge of the public key used for signing. The key should be expected to be available as base64 in a global variable SIGNED_INLINE_PUBLIC_KEY

Also create a function to be used server-side that takes code to sign and the private key and properly creates a string with the signed code

Related Objects
Search...

Event Timeline

kuba-orlik created this task.Tue, Jul 29, 17:29
kuba-orlik moved this task from Freezer (don't take those tasks just yet) to To do on the Kanban board.
kuba-orlik updated the task description. (Show Details)
kuba-orlik changed the point value for this task from 2 to 3.