From f436931277afc1ecd9c52eb846d9f20fb91c9859 Mon Sep 17 00:00:00 2001
From: Simon Grim <scary@tasty.sexy>
Date: Sat, 2 Feb 2019 19:44:11 +0500
Subject: [PATCH] add workaround to deal with CSP interruption of
 theme_option.js

---
 js/interface_common.js       | 10 ++++------
 theme_nin/js/theme_option.js |  3 ++-
 2 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/js/interface_common.js b/js/interface_common.js
index 7c1dcdb..1c3d725 100644
--- a/js/interface_common.js
+++ b/js/interface_common.js
@@ -2744,19 +2744,17 @@ function changeStyle() {
     if (theme === 'nin') {
         style = 'theme_nin/css/style.css';
         profile = 'theme_nin/css/profile.css';
+        // we use .ajax because .getScript requires 'unsafe-inline' CSP rule for now, see https://github.com/jquery/jquery/issues/3969
         $.ajax({dataType: 'text', url: 'theme_nin/js/theme_option.js'})
-            .done(function(script, textStatus) {
-                eval(script);  // FIXME
-                //applyThemePptions();
-            })
-        ;
+            .done(function(res) {eval(res);});
     } else if (theme === 'calm') {
         style = 'theme_calm/css/style.css';
         profile = 'theme_calm/css/profile.css';
     } else if (theme === 'original') {
         style = 'css/style.css';
         profile = 'css/profile.css';
-        $.getScript('theme_original/js/theme_option.js');
+        $.ajax({dataType: 'text', url: 'theme_original/js/theme_option.js'})
+            .done(function(res) {eval(res);});
     }
 
     $('#stylecss').attr('href', style);
diff --git a/theme_nin/js/theme_option.js b/theme_nin/js/theme_option.js
index ca94d1a..f2b49e5 100644
--- a/theme_nin/js/theme_option.js
+++ b/theme_nin/js/theme_option.js
@@ -6,7 +6,8 @@ $(function () {
     $('img[src$="img/tornado_avatar.png"]').attr("src","theme_nin/img/tornado_avatar.png");
     $('.mini-profile-actions span').html('');
 
-    $.globalEval(postToElem.toString().replace(/postContext.append\(twister\.tmpl\.postRtBy/,
+    // indirect eval call in hope to execute code globally
+    (1, eval)(postToElem.toString().replace(/postContext.append\(twister\.tmpl\.postRtBy/,
         'postContext.prependTo(postContext.parent()).append(twister.tmpl.postRtBy'));
 
     $('.userMenu-home.current a').on('click', function () {