From 69612d039ac1d0cf3b03231489970ec64ef93e8e Mon Sep 17 00:00:00 2001
From: Chau Yun Pang <pang@palmary.com.hk>
Date: Thu, 23 Oct 2025 14:48:03 +0800
Subject: [PATCH] Fix CSP violations by replacing inline styles with CSS
 classes

- Replace Html::addCssStyle() with CSS classes in renderInput() method
- Replace inline style attributes with CSS classes in renderToggleAll() method
- Add new CSP-compliant CSS classes: s2-plugin-loading, s2-plugin-loading-bs3, s2-accesskey-btn, s2-togall-hidden
- Update both regular and minified CSS files
- Maintains backward compatibility and existing functionality
- Improves Content Security Policy compliance by removing 'unsafe-inline' style dependencies

Fixes inline style violations that prevent strict CSP implementation.
---
 src/Select2.php                     |  9 ++++-----
 src/assets/css/select2-addl.css     | 21 +++++++++++++++++++++
 src/assets/css/select2-addl.min.css |  2 +-
 3 files changed, 26 insertions(+), 6 deletions(-)

diff --git a/src/Select2.php b/src/Select2.php
index fbf15a6..bb010bb 100644
--- a/src/Select2.php
+++ b/src/Select2.php
@@ -319,11 +319,11 @@ protected function renderToggleAll()
             $accesskey = substr($this->accesskey, 0, 1);
             echo Html::tag('button', '', [
                 'accesskey' => $accesskey,
-                'style' => 'background: transparent;border: none !important;font-size:0;',
+                'class' => 's2-accesskey-btn',
                 'onfocus' => '$("#'.$this->options['id'].'").select2("open");',
             ]);
         }
-        echo Html::tag('span', $out, ['id' => 'parent-'.$options['id'], 'style' => 'display:none']);
+        echo Html::tag('span', $out, ['id' => 'parent-'.$options['id'], 'class' => 's2-togall-hidden']);
     }
 
     /**
@@ -399,11 +399,10 @@ protected function renderInput()
     {
         if ($this->pluginLoading) {
             $this->_loadIndicator = '<div class="kv-plugin-loading loading-'.$this->options['id'].'">&nbsp;</div>';
-            $opts = ['width' => '1px', 'height' => '1px', 'visibility' => 'hidden'];
+            Html::addCssClass($this->options, 's2-plugin-loading');
             if ($this->isBs(3)) {
-                $opts['width'] = '100%';
+                Html::addCssClass($this->options, 's2-plugin-loading-bs3');
             }
-            Html::addCssStyle($this->options, $opts);
         }
         Html::addCssClass($this->options, 'form-control');
         $input = $this->getInput('dropDownList', true);
diff --git a/src/assets/css/select2-addl.css b/src/assets/css/select2-addl.css
index 35d6664..34604d2 100644
--- a/src/assets/css/select2-addl.css
+++ b/src/assets/css/select2-addl.css
@@ -40,4 +40,25 @@
 .s2-togall-button .s2-select-label i,
 .s2-togall-button .s2-unselect-label i {
     margin: auto 0.25rem;
+}
+
+/* CSP-compliant classes to replace inline styles */
+.s2-plugin-loading {
+    width: 1px !important;
+    height: 1px !important;
+    visibility: hidden !important;
+}
+
+.s2-plugin-loading-bs3 {
+    width: 100% !important;
+}
+
+.s2-accesskey-btn {
+    background: transparent !important;
+    border: none !important;
+    font-size: 0 !important;
+}
+
+.s2-togall-hidden {
+    display: none !important;
 }
\ No newline at end of file
diff --git a/src/assets/css/select2-addl.min.css b/src/assets/css/select2-addl.min.css
index 45a29e0..c6842a3 100644
--- a/src/assets/css/select2-addl.min.css
+++ b/src/assets/css/select2-addl.min.css
@@ -7,4 +7,4 @@
  * Author: Kartik Visweswaran
  * For more JQuery plugins visit http://plugins.krajee.com
  * For more Yii related demos visit http://demos.krajee.com
- */.s2-togall-select .s2-unselect-label,.s2-togall-unselect .s2-select-label{display:none}.s2-togall-button{display:inline-block;font-weight:400;color:#337ab7;padding:.5rem;cursor:pointer}.s2-togall-button:focus,.s2-togall-button:hover{color:#23527c;text-decoration:underline;background-color:transparent}.s2-togall-select .s2-select-label,.s2-togall-unselect .s2-unselect-label{display:inline}.s2-select-label,.s2-unselect-label{line-height:1.1;font-size:13px}.s2-togall-button .s2-select-label i,.s2-togall-button .s2-unselect-label i{margin:auto .25rem}
\ No newline at end of file
+ */.s2-togall-select .s2-unselect-label,.s2-togall-unselect .s2-select-label{display:none}.s2-togall-button{display:inline-block;font-weight:400;color:#337ab7;padding:.5rem;cursor:pointer}.s2-togall-button:focus,.s2-togall-button:hover{color:#23527c;text-decoration:underline;background-color:transparent}.s2-togall-select .s2-select-label,.s2-togall-unselect .s2-unselect-label{display:inline}.s2-select-label,.s2-unselect-label{line-height:1.1;font-size:13px}.s2-togall-button .s2-select-label i,.s2-togall-button .s2-unselect-label i{margin:auto .25rem}.s2-plugin-loading{width:1px!important;height:1px!important;visibility:hidden!important}.s2-plugin-loading-bs3{width:100%!important}.s2-accesskey-btn{background:transparent!important;border:none!important;font-size:0!important}.s2-togall-hidden{display:none!important}
\ No newline at end of file