Fixed #25165 -- Removed inline JavaScript from the admin.

This allows setting a Content-Security-Policy HTTP header (refs #15727). Special thanks to blighj, the original author of this patch.
2025-08-03 18:38:50 +00:00 · 2015-11-23 10:46:19 +00:00 · 2015-11-23 10:46:19 +00:00 · d638cdc42a
commit d638cdc42a
parent 105028eec6
42 changed files with 455 additions and 275 deletions
--- a/docs/ref/contrib/admin/javascript.txt
+++ b/docs/ref/contrib/admin/javascript.txt
@ -26,10 +26,17 @@ In your custom ``change_form.html`` template, extend the
 .. code-block:: html+django

    {% extends 'admin/change_form.html' %}
+    {% load admin_static %}

    {% block admin_change_form_document_ready %}
    {{ block.super }}
-    <script type="text/javascript">
+    <script type="text/javascript" src="{% static 'app/formset_handlers.js' %}></script>
+    </script>
+    {% endblock %}
+
+.. snippet:: javascript
+    :filename: app/static/app/formset_handlers.js
+
    (function($) {
        $(document).on('formset:added', function(event, $row, formsetName) {
            if (formsetName == 'author_set') {
@ -41,8 +48,6 @@ In your custom ``change_form.html`` template, extend the
            // Row removed
        });
    })(django.jQuery);
-    </script>
-    {% endblock %}

 Two points to keep in mind:

@ -60,16 +65,20 @@ namespace, just listen to the event triggered from there. For example:
 .. code-block:: html+django

    {% extends 'admin/change_form.html' %}
+    {% load admin_static %}

    {% block admin_change_form_document_ready %}
    {{ block.super }}
-    <script type="text/javascript">
-        django.jQuery(document).on('formset:added', function(event, $row, formsetName) {
-            // Row added
-        });
-
-        django.jQuery(document).on('formset:removed', function(event, $row, formsetName) {
-            // Row removed
-        });
-    </script>
+    <script type="text/javascript" src="{% static 'app/unregistered_handlers.js' %}></script>
    {% endblock %}
+
+.. snippet:: javascript
+    :filename: app/static/app/unregistered_handlers.js
+
+    django.jQuery(document).on('formset:added', function(event, $row, formsetName) {
+        // Row added
+    });
+
+    django.jQuery(document).on('formset:removed', function(event, $row, formsetName) {
+        // Row removed
+    });