[UK] Add nonce to all script tags lacking it.

13 files changed, 21 insertions, 15 deletions

diff --git a/templates/web/bathnes/tracking_code.html b/templates/web/bathnes/tracking_code.html
index a6d832e21..d7ad4679c 100644
--- a/templates/web/bathnes/tracking_code.html
+++ b/templates/web/bathnes/tracking_code.html
@@ -1,6 +1,6 @@
 [% IF c.config.BASE_URL == "https://www.fixmystreet.com" %]
 <script async src="https://www.googletagmanager.com/gtag/js?id=UA-418184-9"></script>
-<script>
+<script nonce="[% csp_nonce %]">
     window.dataLayer = window.dataLayer || [];
     function gtag(){dataLayer.push(arguments);}
     gtag('js', new Date());
@@ -9,7 +9,8 @@
 </script>
 
 <!-- Google Tag Manager -->
-<script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
+<script nonce="[% csp_nonce %]">
+(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
 new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
 j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
 'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
@@ -17,7 +18,8 @@ j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
 <!-- End Google Tag Manager -->
 
 <!-- Hotjar Tracking Code for www.bathnes.gov.uk -->
-<script> (function(h,o,t,j,a,r){ h.hj=h.hj||function(){(h.hj.q=h.hj.q||[]).push(arguments)}; h._hjSettings={hjid:909367,hjsv:6}; a=o.getElementsByTagName('head')[0]; r=o.createElement('script');r.async=1; r.src=t+h._hjSettings.hjid+j+h._hjSettings.hjsv; a.appendChild(r); })(window,document,'https://static.hotjar.com/c/hotjar-','.js?sv='); </script>
+<script nonce="[% csp_nonce %]">
+(function(h,o,t,j,a,r){ h.hj=h.hj||function(){(h.hj.q=h.hj.q||[]).push(arguments)}; h._hjSettings={hjid:909367,hjsv:6}; a=o.getElementsByTagName('head')[0]; r=o.createElement('script');r.async=1; r.src=t+h._hjSettings.hjid+j+h._hjSettings.hjsv; a.appendChild(r); })(window,document,'https://static.hotjar.com/c/hotjar-','.js?sv='); </script>
 [% ELSE %]
 <!-- Tracking code not inserted as "[% c.config.BASE_URL %]" not "https://www.fixmystreet.com" -->
 [% END %]
diff --git a/templates/web/bristol/tracking_code.html b/templates/web/bristol/tracking_code.html
index a8fefe229..af3c9aa66 100644
--- a/templates/web/bristol/tracking_code.html
+++ b/templates/web/bristol/tracking_code.html
@@ -1,6 +1,6 @@
 [% IF c.config.BASE_URL == "https://www.fixmystreet.com" %]
 
-<script>
+<script nonce="[% csp_nonce %]">
     !function(b,r,i,s,t,o,l){b.GoogleAnalyticsObject=i;b[i]||(b[i]=function(){
     (b[i].q=b[i].q||[]).push(arguments)});b[i].l=+new Date;o=r.createElement(s);
     l=r.getElementsByTagName(s)[0];o.src=t;l.parentNode.insertBefore(o,l)}
diff --git a/templates/web/buckinghamshire/tracking_code.html b/templates/web/buckinghamshire/tracking_code.html
index 2af08af09..070ef2dfc 100644
--- a/templates/web/buckinghamshire/tracking_code.html
+++ b/templates/web/buckinghamshire/tracking_code.html
@@ -1,7 +1,8 @@
 [% IF c.config.BASE_URL == "https://www.fixmystreet.com" %]
 
 <!-- Google Tag Manager -->
-<script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
+<script nonce="[% csp_nonce %]">
+(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
 new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
 j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
 'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
diff --git a/templates/web/cheshireeast/header_extra.html b/templates/web/cheshireeast/header_extra.html
index c55188dad..11afd4167 100644
--- a/templates/web/cheshireeast/header_extra.html
+++ b/templates/web/cheshireeast/header_extra.html
@@ -2,7 +2,7 @@
 
 [% IF c.config.BASE_URL == "https://www.fixmystreet.com" %]
 <script async src="https://www.googletagmanager.com/gtag/js?id=UA-10804167-1"></script>
-<script>
+<script nonce="[% csp_nonce %]">
   window.dataLayer = window.dataLayer || [];
   function gtag(){dataLayer.push(arguments);}
   gtag('js', new Date());
diff --git a/templates/web/hounslow/tracking_code.html b/templates/web/hounslow/tracking_code.html
index d5d443560..067fb1a58 100644
--- a/templates/web/hounslow/tracking_code.html
+++ b/templates/web/hounslow/tracking_code.html
@@ -2,7 +2,7 @@
 
 <!-- Global Site Tag (gtag.js) - Google Analytics -->
 <script async src="https://www.googletagmanager.com/gtag/js?id=UA-136557400-1"></script>
-<script>
+<script nonce="[% csp_nonce %]">
   window.dataLayer = window.dataLayer || [];
   function gtag(){dataLayer.push(arguments);}
   gtag('js', new Date());
diff --git a/templates/web/isleofwight/tracking_code.html b/templates/web/isleofwight/tracking_code.html
index 26358b589..bfbffd384 100644
--- a/templates/web/isleofwight/tracking_code.html
+++ b/templates/web/isleofwight/tracking_code.html
@@ -1,6 +1,6 @@
 [% IF c.config.BASE_URL == "https://www.fixmystreet.com" %]
 
-<script>
+<script nonce="[% csp_nonce %]">
   (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
   (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
   m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
diff --git a/templates/web/lincolnshire/tracking_code.html b/templates/web/lincolnshire/tracking_code.html
index ec19eba44..7933f08a1 100644
--- a/templates/web/lincolnshire/tracking_code.html
+++ b/templates/web/lincolnshire/tracking_code.html
@@ -1,7 +1,8 @@
 [% IF c.config.BASE_URL == "https://www.fixmystreet.com" %]
 
 <!-- Google Tag Manager -->
-<script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
+<script nonce="[% csp_nonce %]">
+(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
 new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
 j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
 'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
diff --git a/templates/web/northamptonshire/tracking_code.html b/templates/web/northamptonshire/tracking_code.html
index 421e20cab..4e1dc5884 100644
--- a/templates/web/northamptonshire/tracking_code.html
+++ b/templates/web/northamptonshire/tracking_code.html
@@ -1,6 +1,6 @@
 [% IF c.config.BASE_URL == "https://www.fixmystreet.com" %]
 <script async src="https://www.googletagmanager.com/gtag/js?id=UA-70376243-1"></script>
-<script>
+<script nonce="[% csp_nonce %]">
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}
  gtag('js', new Date());
diff --git a/templates/web/oxfordshire/tracking_code.html b/templates/web/oxfordshire/tracking_code.html
index 14afb5de0..43b0e37c5 100644
--- a/templates/web/oxfordshire/tracking_code.html
+++ b/templates/web/oxfordshire/tracking_code.html
@@ -1,7 +1,8 @@
 [% IF c.config.BASE_URL == "https://www.fixmystreet.com" %]
 
 <!-- Google Tag Manager -->
-<script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
+<script nonce="[% csp_nonce %]">
+(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
 new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
 j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
 'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
diff --git a/templates/web/peterborough/tracking_code.html b/templates/web/peterborough/tracking_code.html
index 695aac833..ba375683d 100644
--- a/templates/web/peterborough/tracking_code.html
+++ b/templates/web/peterborough/tracking_code.html
@@ -2,7 +2,7 @@
 
 <!-- Global Site Tag (gtag.js) - Google Analytics -->
 <script async src="https://www.googletagmanager.com/gtag/js?id=UA-144500283-1"></script>
-<script>
+<script nonce="[% csp_nonce %]">
   window.dataLayer = window.dataLayer || [];
   function gtag(){dataLayer.push(arguments);}
   gtag('js', new Date());
diff --git a/templates/web/stevenage/tracking_code.html b/templates/web/stevenage/tracking_code.html
index e7c2bafd6..0bee01d73 100644
--- a/templates/web/stevenage/tracking_code.html
+++ b/templates/web/stevenage/tracking_code.html
@@ -1,6 +1,6 @@
 [% IF c.config.BASE_URL == "https://www.fixmystreet.com" %]
 
-<script>
+<script nonce="[% csp_nonce %]">
   (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
   (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
   m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
diff --git a/templates/web/westminster/tracking_code.html b/templates/web/westminster/tracking_code.html
index 14b65854e..dec32a3ad 100644
--- a/templates/web/westminster/tracking_code.html
+++ b/templates/web/westminster/tracking_code.html
@@ -1,6 +1,7 @@
 [% IF c.config.BASE_URL == "https://www.fixmystreet.com" OR c.config.BASE_URL == "https://staging.fixmystreet.com" %]
 <!-- Google Tag Manager -->
-<script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
+<script nonce="[% csp_nonce %]">
+(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
 new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
 j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
 'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
diff --git a/templates/web/zurich/tracking_code.html b/templates/web/zurich/tracking_code.html
index bffd0fd6f..cf7fbbadd 100644
--- a/templates/web/zurich/tracking_code.html
+++ b/templates/web/zurich/tracking_code.html
@@ -2,7 +2,7 @@
     SET ga_code = 'UA-38427437-1';
     SET ga_code = 'UA-39223200-1' IF c.config.BASE_URL == "https://www.zueriwieneu.ch";
 %]
-<script type="text/javascript">
+<script nonce="[% csp_nonce %]">
 
   var _gaq = _gaq || [];
   _gaq.push(['_setAccount', '[% ga_code %]']);