87300988042f9b370f257fddf5a3ae0d21662851
galt
  Sat Feb 4 00:12:53 2017 -0800
Fixes for early warning during ajax callback; fixes for early warning in js. Changed to not only parse to but strip out the CSP header and js-with-nonce leaving cleaner html -- should create fewer "surprises" for existing screen-scraping code.

diff --git src/hg/js/alleles.js src/hg/js/alleles.js
index c14fb8f..19588ca 100644
--- src/hg/js/alleles.js
+++ src/hg/js/alleles.js
@@ -20,66 +20,56 @@
 
 
     function initSortTable()
     { // Initialize the sortable table
         var allelesTable = $('table#alleles.sortable');
         if (allelesTable.length === 1) {
             sortTable.initialize(allelesTable[0],false);
             sortTable.sortCaseSensitive(true);
         }
     }
 
     function update(content, status)
     { // Update the geneAlleles section based upon ajax request
         hideLoadingImage(this.loadingId);  // Do this first
 
-	var pageNonce = getNonce();
-
-	var ajaxNonce = stripNonce(content, false);
-    
-	var jsNonce = stripJsNonce(content, ajaxNonce, false);// DEBUG msg with true
         
         var geneAlleles = $('div#' + sectionName);
         if (geneAlleles.length > 0) {
             
             var cleanHtml = content;
+	    var nonceJs = {};
+	    cleanHtml = stripCSPAndNonceJs(cleanHtml, false, nonceJs); // DEBUG msg with true
             //cleanHtml = stripJsFiles(cleanHtml,true);   // DEBUG msg with true
             //cleanHtml = stripCssFiles(cleanHtml,true);  // DEBUG msg with true
             //cleanHtml = stripJsEmbedded(cleanHtml,true);// DEBUG msg with true
             var sectionBegin = "<!-- " + sectionName + " begin -->";
             var sectionEnd   = "<!-- " + sectionName + " end -->";
             var ix = cleanHtml.indexOf(sectionBegin);
             if (ix > 0)
                 cleanHtml = cleanHtml.substring(ix);
             ix = cleanHtml.indexOf(sectionEnd);
             if (ix > 0)
                 cleanHtml = cleanHtml.substring(0,ix + sectionEnd.length);
 
             if (cleanHtml.length > 0) {
 
                 ajaxUpdates++;
                 $(geneAlleles[0]).html( cleanHtml );
                 hiliteRemove();
 
-		// append ajax js blocks with nonce
-		for (i=0; i<jsNonce.length; ++i) {
-		    var sTag = document.createElement("script");
-		    sTag.type = "text/javascript";
-		    sTag.text = jsNonce[i];
-		    sTag.setAttribute('nonce', pageNonce); // CSP2 Requires
-		    document.head.appendChild(sTag);
-		}		
+		appendNonceJsToPage(nonceJs);
 
                 alleles.initialize();  // Must have prefix, since ajax call
             }
         }
     }
     
     function ajaxRequest(data)
     { // Request an ajax update of this section
     
         // Use current url but make sure it is relative
         var thisUrl = window.location.href;
         var ix = thisUrl.indexOf("cgi-bin");
         if (ix > 0)
             thisUrl = "../" + thisUrl.substring(ix);