From d638cdc42acec608c1967f44af6be32a477c239f Mon Sep 17 00:00:00 2001 From: Thomas Grainger Date: Mon, 23 Nov 2015 10:46:19 +0000 Subject: Fixed #25165 -- Removed inline JavaScript from the admin. This allows setting a Content-Security-Policy HTTP header (refs #15727). Special thanks to blighj, the original author of this patch. --- docs/ref/contrib/admin/javascript.txt | 33 +++++++++++++++++++++------------ docs/releases/1.10.txt | 3 +++ 2 files changed, 24 insertions(+), 12 deletions(-) (limited to 'docs') diff --git a/docs/ref/contrib/admin/javascript.txt b/docs/ref/contrib/admin/javascript.txt index f953b269ad..b517aa18cc 100644 --- a/docs/ref/contrib/admin/javascript.txt +++ b/docs/ref/contrib/admin/javascript.txt @@ -26,10 +26,17 @@ In your custom ``change_form.html`` template, extend the .. code-block:: html+django {% extends 'admin/change_form.html' %} + {% load admin_static %} {% block admin_change_form_document_ready %} {{ block.super }} - + + {% endblock %} + +.. snippet:: javascript + :filename: app/static/app/formset_handlers.js + (function($) { $(document).on('formset:added', function(event, $row, formsetName) { if (formsetName == 'author_set') { @@ -41,8 +48,6 @@ In your custom ``change_form.html`` template, extend the // Row removed }); })(django.jQuery); - - {% endblock %} Two points to keep in mind: @@ -60,16 +65,20 @@ namespace, just listen to the event triggered from there. For example: .. code-block:: html+django {% extends 'admin/change_form.html' %} + {% load admin_static %} {% block admin_change_form_document_ready %} {{ block.super }} - +