Inline JavaScript should be re-rewritten for Drupal 8 to define libraries and use drupalSettings to pass data.
When inline code blocks are absolutely necessary, this module extends Drupal's asset system to allow attaching inline scripts and styles to render array elements.
When using Content Security Policy module, hashes are automatically added to the page's policy to remove the need for 'unsafe-inline', and limit the risk of Cross Site Scripting vulnerabilities.
Example Usage
$render['element'] = [
'#attached' => [
// Existing Functionality
'library' => [
'drupal/drupalSettings'
],
'drupalSettings' => ['module' => $data],
// New functionality
'js' => [
[
'data' => 'alert("Hi!")',
'scope' => 'header',
'dependencies' => ['core/jquery'],
],
],
'css' => [
[
'data' => '#logo { border 1px solid #000; }',
'attributes' => [
'media' => 'all',
]
'group' => CSS_THEME,
],
],
],
];
Project information
- Project categories: Developer tools
- Ecosystem: Content-Security-Policy
185 sites report using this module- Created by gapple on , updated
Stable releases for this project are covered by the security advisory policy.
Look for the shield icon below.
Releases
8.x-1.7
released 6 May 2025
released 6 May 2025
Works with Drupal: ^10 || ^11
Install:
Development version: 8.x-1.x-dev updated 6 May 2025 at 08:55 UTC
