6

I have a webpage that generates random quotes and I've got a button that, when clicked, should redirect to the Twitter web intent page in order to allow the viewer send a tweet already pre-populated with the text of the quote.

The code of the button:

<a class="btn btn-info btn-lg" href="#" data-size="large" 
id="tweet-button"><i class="fa fa-twitter"></i>Tweet the current quote!</a>

And the jQuery when the button is clicked will modify the "href" attribute of the button so it will add the pre-populated text into the URL to show it thereafter.

$("#tweet-button").click(function (){
    $(this).attr("href", "https://twitter.com/intent/tweet?text=" + encodeURIComponent($("#quote").text()) );
});

When I click the button I get this error:

Refused to execute inline script because it violates the following
Content Security Policy directive: "script-src
https://connect.facebook.net https://cm.g.doubleclick.net 
https://ssl.google-analytics.com https://graph.facebook.com  
https://twitter.com https://*.userzoom.com 'unsafe-eval' 
https://*.twimg.com https://api.twitter.com https://analytics.twitter.com 
'nonce-6B1Ck//9/fE6OIatYBYe4A==' https://ton.twitter.com  
https://syndication.twitter.com https://www.google.com 
https://t.tellapart.com https://platform.twitter.com https://www.google-
analytics.com 'self'". Either the 'unsafe-inline' keyword, a hash 
('sha256-<sha256-hash'), or a nonce ('nonce-...') is required to enable 
inline execution

If I include a static text in the URL instead of loading from $("#quote").text() works properly, but can't figure out why. I should also get the CSP error either ways or not getting at all in both situations.

cfnerd
  • 3,658
  • 12
  • 32
  • 44
Urco
  • 365
  • 3
  • 14

0 Answers0