diff --git a/BTCPayServer/TagHelpers.cs b/BTCPayServer/TagHelpers.cs index 2da80a64f8..6db34b3c83 100644 --- a/BTCPayServer/TagHelpers.cs +++ b/BTCPayServer/TagHelpers.cs @@ -86,6 +86,7 @@ public CSPEventTagHelper(ContentSecurityPolicies csp) } public override void Process(TagHelperContext context, TagHelperOutput output) { + bool cspAllow = output.Attributes.RemoveAll("csp-allow"); foreach (var attr in output.Attributes) { var n = attr.Name.ToLowerInvariant(); @@ -96,7 +97,7 @@ public override void Process(TagHelperContext context, TagHelperOutput output) else if (n == "href") { var v = attr.Value.ToString(); - if (v.StartsWith("javascript:", StringComparison.OrdinalIgnoreCase)) + if (v.StartsWith("javascript:", StringComparison.OrdinalIgnoreCase) && cspAllow) { Allow(v); } diff --git a/BTCPayServer/Views/Account/LoginWithFido2.cshtml b/BTCPayServer/Views/Account/LoginWithFido2.cshtml index 6b1682bf86..cd67f0f9e4 100644 --- a/BTCPayServer/Views/Account/LoginWithFido2.cshtml +++ b/BTCPayServer/Views/Account/LoginWithFido2.cshtml @@ -18,7 +18,7 @@
Insert your security key into your computer's USB port. If it has a button, tap on it.
- Retry + Retry diff --git a/BTCPayServer/Views/Fido2/Create.cshtml b/BTCPayServer/Views/Fido2/Create.cshtml index 8815b41e5f..bc33151dd7 100644 --- a/BTCPayServer/Views/Fido2/Create.cshtml +++ b/BTCPayServer/Views/Fido2/Create.cshtml @@ -13,7 +13,7 @@Insert your security key into your computer's USB port. If it has a button, tap on it.
- Retry + Retry diff --git a/BTCPayServer/Views/Invoice/ListInvoices.cshtml b/BTCPayServer/Views/Invoice/ListInvoices.cshtml index 83a51a84f3..a03b94e8fe 100644 --- a/BTCPayServer/Views/Invoice/ListInvoices.cshtml +++ b/BTCPayServer/Views/Invoice/ListInvoices.cshtml @@ -333,7 +333,7 @@