Added support for Content Security Policy

In order to use debug toolbar with a content security policy enabled, no
inline scripts or styles can be used. This commit replaces all `style`
attributes with CSS or javascript. It uses `data` attributes to handle
the dynamic styles, like width and color.

Author: gavinwahl

debug_toolbar/static/debug_toolbar/css/toolbar.css

@@ -569,3 +569,12 @@
         display: none;
     }
 }
+#djDebug .hidden {
+    display: none;
+}
+#djDebug .monospace {
+    font-family: monospace;
+}
+#djDebug .lightgrey {
+    background-color: lightgrey;
+}

debug_toolbar/static/debug_toolbar/css/toolbar.min.css

@@ -140,6 +140,15 @@ window.djdt = (function(window, document, jQuery) {
 			$.each(djdt.events.ready, function(_, callback){
 				callback(djdt);
 			});
+
+			var data_css_properties = ['background-color', 'padding-left', 'left', 'width'];
+			for ( var i = 0; i < data_css_properties.length; i++ ) {
+				var name = data_css_properties[i];
+				$('#djDebug *[data-' + name + ']').each(function(index, elem) {
+					var $elem = $(elem);
+					$(elem).css(name, $elem.data(name));
+				});
+			}
 		},
 		toggle_content: function(elem) {
 			if (elem.is(':visible')) {

debug_toolbar/static/debug_toolbar/js/toolbar.js

@@ -1,11 +1,8 @@
 {% load i18n %}
-<style type="text/css">
-@media print { #djDebug {display:none;}}
-</style>
 <link rel="stylesheet" href="{{ STATIC_URL }}debug_toolbar/css/toolbar.min.css" type="text/css">
 <script type="text/javascript" src="{{ STATIC_URL }}debug_toolbar/js/toolbar.min.js"></script>
-<div id="djDebug" style="display:none;" dir="ltr">
-	<div style="display:none;" id="djDebugToolbar">
+<div id="djDebug" class="hidden" dir="ltr">
+	<div class="hidden" id="djDebugToolbar">
 		<ul id="djDebugPanelList">
 			{% if panels %}
 			<li><a id="djHideToolBarButton" href="#" title="{% trans "Hide Toolbar" %}">{% trans "Hide" %} &raquo;</a></li>
@@ -32,7 +29,7 @@
 			{% endfor %}
 		</ul>
 	</div>
-	<div style="display:none;" id="djDebugToolbarHandle">
+	<div class="hidden" id="djDebugToolbarHandle">
 		<a title="{% trans "Show Toolbar" %}" id="djShowToolBarButton" href="#">&laquo;</a>
 	</div>
 	{% for panel in panels %}

debug_toolbar/static/debug_toolbar/js/toolbar.min.js

@@ -51,7 +51,7 @@ <h3>{% trans "Calls" %}</h3>
 	{% for call in calls %}
 		<tr class="{% cycle 'djDebugOdd' 'djDebugEven' %}" id="cacheMain_{{ forloop.counter }}">
 			<td class="toggle">
-				<a class="djToggleSwitch" data-toggle-name="cacheMain" data-toggle-id="{{ forloop.counter }}" data-toggle-open="+" data-toggle-close="-" href="javascript:void(0)">+</a>
+				<a class="djToggleSwitch" data-toggle-name="cacheMain" data-toggle-id="{{ forloop.counter }}" data-toggle-open="+" data-toggle-close="-" href="#"></a>
 			</td>
 			<td>{{ call.time|floatformat:"4" }}</td>
 			<td>{{ call.name|escape }}</td>
@@ -66,4 +66,4 @@ <h3>{% trans "Calls" %}</h3>
 	{% endfor %}
 	</tbody>
 </table>
-{% endif %}
+{% endif %}

debug_toolbar/templates/debug_toolbar/base.html

@@ -13,12 +13,11 @@
 	</thead>
 	<tbody>
 		{% for call in func_list %}
-			<!--  style="background:{{ call.background }}" -->
 			<tr class="djDebugProfileRow{% for parent_id in call.parent_ids %} djToggleDetails_{{ parent_id }}{% endfor %}" depth="{{ call.depth }}">
 				<td>
-					<div style="padding-left: {{ call.indent }}px;">
+					<div data-padding-left="{{ call.indent }}px">
 						{% if call.has_subfuncs %}
-							<a class="djProfileToggleDetails djToggleSwitch" data-toggle-id="{{ call.id }}" data-toggle-open="+" data-toggle-close="-" href="javascript:void(0)">-</a>
+							<a class="djProfileToggleDetails djToggleSwitch" data-toggle-id="{{ call.id }}" data-toggle-open="+" data-toggle-close="-" href="#">-</a>
 						{% else %}
 							<span class="djNoToggleSwitch"></span>
 						{% endif %}
@@ -34,10 +33,10 @@
 			{% if call.line_stats_text %}
 				<tr class="djToggleDetails_{{ call.id }}{% for parent_id in call.parent_ids %} djToggleDetails_{{ parent_id }}{% endfor %}">
 					<td colspan="6">
-						<div style="padding-left: {{ call.indent }}px;"><pre>{{ call.line_stats_text }}</pre></div>
+						<div data-padding-left="{{ call.indent }}px"><pre>{{ call.line_stats_text }}</pre></div>
 					</td>
 				</tr>
 			{% endif %}
 		{% endfor %}
 	</tbody>
-</table>
+</table>

debug_toolbar/templates/debug_toolbar/panels/cache.html

@@ -32,7 +32,7 @@ <h4>{% trans 'COOKIES Variables' %}</h4>
 {% if cookies %}
 	<table>
 		<colgroup>
-			<col style="width:20%"/>
+			<col data-width="20%"/>
 			<col/>
 		</colgroup>
 		<thead>
@@ -58,7 +58,7 @@ <h4>{% trans 'SESSION Variables' %}</h4>
 {% if session %}
 	<table>
 		<colgroup>
-			<col style="width:20%"/>
+			<col data-width="20%"/>
 			<col/>
 		</colgroup>
 		<thead>

debug_toolbar/templates/debug_toolbar/panels/profiling.html

@@ -4,7 +4,7 @@
 	<ul class="stats">
 		{% for alias, info in databases %}
 			<li>
-				<strong class="label"><span style="background-color: rgb({{ info.rgb_color|join:", " }})" class="color">&nbsp;</span> {{ alias }}</strong>
+                <strong class="label"><span data-background-color="rgb({{ info.rgb_color|join:", " }})" class="color">&nbsp;</span> {{ alias }}</strong>
 				<span class="info">{{ info.time_spent|floatformat:"2" }} ms ({% blocktrans count info.num_queries as num %}{{ num }} query{% plural %}{{ num }} queries{% endblocktrans %})</span>
 			</li>
 		{% endfor %}
@@ -25,17 +25,17 @@
 		<tbody>
 			{% for query in queries %}
 				<tr class="djDebugHoverable {% cycle 'djDebugOdd' 'djDebugEven' %}{% if query.is_slow %} djDebugRowWarning{% endif %}{% if query.starts_trans %} djDebugStartTransaction{% endif %}{% if query.ends_trans %} djDebugEndTransaction{% endif %}{% if query.in_trans %} djDebugInTransaction{% endif %}" id="sqlMain_{{ forloop.counter }}">
-					<td class="color"><span style="background-color: rgb({{ query.rgb_color|join:", " }});">&nbsp;</span></td>
+					<td class="color"><span data-background-color="rgb({{ info.rgb_color|join:", " }})">&nbsp;</span></td>
 					<td class="toggle">
-						<a class="djToggleSwitch" data-toggle-name="sqlMain" data-toggle-id="{{ forloop.counter }}" data-toggle-open="+" data-toggle-close="-" href="javascript:void(0)">+</a>
+						<a class="djToggleSwitch" data-toggle-name="sqlMain" data-toggle-id="{{ forloop.counter }}" data-toggle-open="+" data-toggle-close="-" href="#">+</a>
 					</td>
 					<td class="query">
 						<div class="djDebugSqlWrap">
 							<div class="djDebugSql">{{ query.sql|safe }}</div>
 						</div>
 					</td>
 					<td class="timeline">
-						<div class="djDebugTimeline"><div class="djDebugLineChart{% if query.is_slow %} djDebugLineChartWarning{% endif %}" style="left:{{ query.start_offset|dotted_number }}%;"><strong style="width:{{ query.width_ratio_relative|dotted_number }}%;">{{ query.width_ratio }}%</strong></div></div>
+						<div class="djDebugTimeline"><div class="djDebugLineChart{% if query.is_slow %} djDebugLineChartWarning{% endif %}" data-left="{{ query.start_offset|dotted_number }}%"><strong data-width="{{ query.width_ratio_relative|dotted_number }}%">{{ query.width_ratio }}%</strong></div></div>
 					</td>
 					<td class="time">
 						{{ query.duration|floatformat:"2" }}
@@ -71,7 +71,7 @@
 									{% for line in query.template_info.context %}
 									<tr>
 										<td>{{ line.num }}</td>
-										<td><code style="font-family: monospace;{% if line.highlight %}background-color: lightgrey{% endif %}">{{ line.content }}</code></td>
+										<td><code class="monospace{% if line.highlight %} lightgrey{% endif %}">{{ line.content }}</code></td>
 									</tr>
 									{% endfor %}
 								</table>

debug_toolbar/templates/debug_toolbar/panels/request_vars.html

@@ -19,7 +19,7 @@ <h4>{% blocktrans count templates|length as template_count %}Template{% plural %
 	{% if template.context %}
 	<dd>
 		<div class="djTemplateShowContextDiv"><a class="djTemplateShowContext"><span class="toggleArrow">&#x25B6;</span> {% trans 'Toggle Context' %}</a></div>
-		<div class="djTemplateHideContextDiv" style="display:none;"><code>{{ template.context }}</code></div>
+		<div class="djTemplateHideContextDiv hidden"><code>{{ template.context }}</code></div>
 	</dd>
 	{% endif %}
 {% endfor %}
@@ -35,7 +35,7 @@ <h4>{% blocktrans count context_processors|length as context_processors_count %}
 	<dt><strong>{{ key|escape }}</strong></dt>
 	<dd>
 		<div class="djTemplateShowContextDiv"><a class="djTemplateShowContext"><span class="toggleArrow">&#x25B6;</span> {% trans 'Toggle Context' %}</a></div>
-		<div class="djTemplateHideContextDiv" style="display:none;"><code>{{ value|escape }}</code></div>
+		<div class="djTemplateHideContextDiv hidden"><code>{{ value|escape }}</code></div>
 	</dd>
 {% endfor %}
 </dl>

debug_toolbar/templates/debug_toolbar/panels/sql.html

@@ -1,7 +1,7 @@
 {% load i18n %}
 <table>
 	<colgroup>
-		<col style="width:20%"/>
+		<col data-width="20%"/>
 		<col/>
 	</colgroup>
 	<thead>