Skip to content

fixed copy and download button in wave reports #969

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
pditommaso merged 4 commits into from
Jan 20, 2026
Merged

fixed copy and download button in wave reports #969

pditommaso merged 4 commits into from
Jan 20, 2026

Conversation

@munishchouhan
Copy link
Member

@munishchouhan munishchouhan commented Jan 20, 2026

Summary

Fixed Content Security Policy (CSP) violations preventing copy and download functionality in Wave UI by replacing all inline event handlers with data attributes and external JavaScript event listeners.

Problem

Users encountered CSP violations when clicking copy and download buttons:

Executing inline event handler violates the following Content Security Policy directive
'default-src 'self''. Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a
nonce ('nonce-...') is required to enable inline execution.

This error blocked all copy and download functionality across Wave view pages (builds, scans, containers, mirrors, inspect).

Root Cause

The application has a strict CSP policy configured in src/main/resources/application.yml:63:

content-security-policy: "default-src 'self'; frame-ancestors 'none'"

This policy blocks all inline JavaScript execution, including inline event handlers like onclick="...". All HBS template files were using inline event handlers, which violated this security policy.

Solution

Replaced all inline event handlers with data attributes and attached event listeners via external JavaScript.

Before (Insecure - CSP Violation)

<button onclick="copyToClipboard('{{digest}}', this)" title="Copy digest">
    <svg>...</svg>
</button>
<button onclick="window.location.href='{{url}}'" title="Download">
    <svg>...</svg>
</button>

After (Secure - CSP Compliant)

<button data-copy="{{digest}}" title="Copy digest">
    <svg>...</svg>
</button>
<button data-download-url="{{url}}" title="Download">
    <svg>...</svg>
</button>

Changes

JavaScript Changes

File: src/main/resources/io/seqera/wave/assets/copy.js

Added Event Listener Initialization

document.addEventListener('DOMContentLoaded', function() {
    // Handle copy buttons with data-copy attribute
    document.querySelectorAll('[data-copy]').forEach(button => {
        button.addEventListener('click', function() {
            const textToCopy = this.getAttribute('data-copy');
            copyToClipboard(textToCopy, this);
        });
    });

    // Handle copy buttons with data-copy-from-element attribute
    document.querySelectorAll('[data-copy-from-element]').forEach(button => {
        button.addEventListener('click', function() {
            const elementId = this.getAttribute('data-copy-from-element');
            const element = document.getElementById(elementId);
            if (element) {
                copyToClipboard(element.textContent, this);
            }
        });
    });

    // Handle download buttons with data-download-url attribute
    document.querySelectorAll('[data-download-url]').forEach(button => {
        button.addEventListener('click', function() {
            const url = this.getAttribute('data-download-url');
            if (url) {
                window.open(url, '_blank');
            }
        });
    });

    // Handle evict from cache button
    const evictButton = document.getElementById('evictFromCacheBtn');
    if (evictButton) {
        evictButton.addEventListener('click', evictFromCache);
    }
});

Fixed evictFromCache Function

  • Moved from inline <script> in container-view.hbs to copy.js
  • Updated to retrieve button reference internally instead of relying on global scope

Checklist

  • All inline onclick handlers removed from HBS files
  • Event listeners properly attached in copy.js
  • Copy functionality tested across all views
  • Download functionality tested across all views
  • Cache eviction tested
  • No CSP errors in browser console
  • Browser compatibility verified
  • Code follows existing patterns and conventions
  • No breaking changes introduced

@munishchouhan
fixed copy and download button
b8a6cfb 
Signed-off-by: munishchouhan <hrma017@gmail.com>
@munishchouhan munishchouhan linked an issue Jan 20, 2026 that may be closed by this pull request
[Bug] Copy and download is not working reports #968
Closed
@munishchouhan munishchouhan self-assigned this Jan 20, 2026
@munishchouhan
[release] test 1.32.3-A0
d2e9c57 
Signed-off-by: munishchouhan <hrma017@gmail.com>
@munishchouhan
Copy link
Member Author

munishchouhan commented Jan 20, 2026

tested in dev

Screen.Recording.2026-01-20.at.08.12.20.mov

@pditommaso @claude
Refactor copy.js to use event delegation
ee46293 
Replace multiple querySelectorAll loops with a single click
event listener using event delegation pattern. This simplifies
the code and removes the need for DOMContentLoaded.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@pditommaso
Copy link
Collaborator

pditommaso commented Jan 20, 2026

Well done. I've trimmed down the JS to a more compact solution replacing multiple querySelectorAll loops with a single click event listener using event delegation pattern. This simplifies the code and removes the need for DOMContentLoaded.

Please give it a try

@munishchouhan
Copy link
Member Author

munishchouhan commented Jan 20, 2026

Well done. I've trimmed down the JS to a more compact solution replacing multiple querySelectorAll loops with a single click event listener using event delegation pattern. This simplifies the code and removes the need for DOMContentLoaded.

Please give it a try

yes its working

@munishchouhan
Copy link
Member Author

munishchouhan commented Jan 20, 2026

Screen.Recording.2026-01-20.at.11.09.53.mov

pditommaso
pditommaso reviewed Jan 20, 2026
View reviewed changes
@munishchouhan
Copy link
Member Author

munishchouhan commented Jan 20, 2026
edited
Loading

@pditommaso I cannot merge it because it contains unverified commits

@pditommaso
Copy link
Collaborator

pditommaso commented Jan 20, 2026

Opps

@pditommaso pditommaso merged commit 22601f1 into master Jan 20, 2026
1 check passed
@pditommaso pditommaso deleted the 968-bug-copy-is-not-working-reports branch January 20, 2026 10:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pditommaso pditommaso pditommaso approved these changes

@cristianrcv cristianrcv Awaiting requested review from cristianrcv

@alvaromartmart alvaromartmart Awaiting requested review from alvaromartmart

Assignees

@munishchouhan munishchouhan

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Bug] Copy and download is not working reports

3 participants

@munishchouhan @pditommaso