Attach Inline
208 sites
Security covered
This module allows developers to attach inline JavaScript and CSS directly to render array elements within Drupal. It also enhances security by automatically adding hashes for Content Security Policy, helping to prevent XSS vulnerabilities.
Inline JavaScript should be re-rewritten for Drupal 8 to define libraries and use drupalSettings to pass data.
When inline code blocks are absolutely necessary, this module extends Drupal's asset system to allow attaching inline scripts and styles to render array elements.
When using Content Security Policy module, hashes are automatically added to the page's policy to remove the need for 'unsafe-inline', and limit the risk of Cross Site Scripting vulnerabilities.
Example Usage
$render['element'] = [
'#attached' => [
// Existing Functionality
'library' => [
'drupal/drupalSettings'
],
'drupalSettings' => ['module' => $data],
// New functionality
'js' => [
[
'data' => 'alert("Hi!")',
'scope' => 'header',
'dependencies' => ['core/jquery'],
],
],
'css' => [
[
'data' => '#logo { border 1px solid #000; }',
'attributes' => [
'media' => 'all',
]
'group' => CSS_THEME,
],
],
],
];