add_csp_nonces.pl - Add CSP nonces to inline script tags in templates
# Dry run (default) - show what would be changed
perl misc/devel/add_csp_nonces.pl
# Actually modify files
perl misc/devel/add_csp_nonces.pl --apply
# Verbose output
perl misc/devel/add_csp_nonces.pl --verbose
# Process specific directory
perl misc/devel/add_csp_nonces.pl --dir koha-tmpl/opac-tmpl
This script adds CSP (Content Security Policy) nonce attributes to inline <script> tags in Koha templates. This is required for CSP compliance.
The script: - Finds all .tt and .inc files in koha-tmpl/ - Identifies inline <script> tags (those without src= attribute) - Adds nonce="[% Koha.CSPNonce | $raw %]" attribute - Skips tags that already have nonce attributes - Skips external scripts (those with src= attribute)