diff --git a/doc/advanced.rst b/doc/advanced.rst
index 2f3dcba10c..56b361b8cd 100644
--- a/doc/advanced.rst
+++ b/doc/advanced.rst
@@ -37,6 +37,10 @@ of how to configure Flask-Admin to inject CSP nonce values::
app,
content_security_policy={
"default-src": "'self'",
+ "script-src": "'self'",
+ "style-src": "'self' 'unsafe-inline' fonts.googleapis.com ",
+ "font-src": "'self' fonts.gstatic.com data: ",
+ "img-src": "'self' data: ",
},
content_security_policy_nonce_in=["script-src", "style-src"]
)
diff --git a/flask_admin/form/widgets.py b/flask_admin/form/widgets.py
index eb4e858b39..d2af836bb4 100644
--- a/flask_admin/form/widgets.py
+++ b/flask_admin/form/widgets.py
@@ -107,12 +107,20 @@ def __init__(self, template: str) -> None:
self.template = template
def __call__(self, field: Field, **kwargs: t.Any) -> str:
+ admin = h.g._admin_view.admin
+ admin_csp_nonce_attribute = (
+ Markup(f'nonce="{admin.csp_nonce_generator()}"')
+ if admin.csp_nonce_generator
+ else ""
+ )
+
kwargs.update(
{
"field": field,
"_gettext": gettext,
"_ngettext": ngettext,
"h": h,
+ "admin_csp_nonce_attribute": admin_csp_nonce_attribute,
}
)
diff --git a/flask_admin/static/admin/js/helpers.js b/flask_admin/static/admin/js/helpers.js
index bf8d2601ee..fd51499a60 100644
--- a/flask_admin/static/admin/js/helpers.js
+++ b/flask_admin/static/admin/js/helpers.js
@@ -9,4 +9,10 @@
}
}
};
+
+ $('.a-unlink').on('click', function(e) {
+ console.log('click a-unlink');
+ e.preventDefault();
+ });
+
})();
diff --git a/flask_admin/templates/bootstrap4/admin/actions.html b/flask_admin/templates/bootstrap4/admin/actions.html
index 89899089b8..f94bf6236a 100644
--- a/flask_admin/templates/bootstrap4/admin/actions.html
+++ b/flask_admin/templates/bootstrap4/admin/actions.html
@@ -1,16 +1,29 @@
{% import 'admin/static.html' as admin_static with context %}
{% macro dropdown(actions, btn_class='nav-link dropdown-toggle') -%}
- {{ _gettext('With selected') }}
+
+
{% endmacro %}
+
{% macro form(actions, url) %}
{% if actions %}
@@ -100,7 +101,8 @@
{% if delete_form.csrf_token is defined and delete_form.csrf_token %}
{{ delete_form.csrf_token }}
{% endif %}
-