authorMarkus Heiser <markus.heiser@darmarit.de>2021-12-05 11:32:04 +0100
committerMarkus Heiser <markus.heiser@darmarit.de>2021-12-05 11:48:23 +0100
commit2b26285a7359f3ad88ce20b3bb925d4593533856 (patch)
treedff112b21f17a616f3f4b60967911668e59d0d61
parente4a2d354aa4c0c97a096de47a8bcf6bb22e4d153 (diff)
[fix] simple theme: make autocomplete-js CSP compliant
The CSP issue is that the `_Position` function in autocomplete-js sets the style attributes by `setAttribute("style", ...)`. Using `setAttribute` to set the style attribute invokes the HTML parser and CSP is triggered [1]. This patch overrides the `_Position` function of autocomplete-js. BTW: remove trailing whitespace [1] https://stackoverflow.com/a/57633533 Closes: https://github.com/searxng/searxng/issues/352 Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
-rw-r--r--searx/static/themes/simple/src/js/main/search.js8
1 files changed, 7 insertions, 1 deletions
diff --git a/searx/static/themes/simple/src/js/main/search.js b/searx/static/themes/simple/src/js/main/search.js
index 0244a90ea..09a90b7e9 100644
--- a/searx/static/themes/simple/src/js/main/search.js
+++ b/searx/static/themes/simple/src/js/main/search.js
@@ -54,7 +54,7 @@
if (qinput !== null) {
// clear button
createClearButton(qinput);
-
+
// autocompleter
if (searxng.autocompleter) {
searxng.autocomplete = AutoComplete.call(w, {
@@ -67,6 +67,12 @@
},
MinChars: 4,
Delay: 300,
+ _Position:function() {
+ this.DOMResults.setAttribute("class", "autocomplete");
+ this.DOMResults.style.top = (this.Input.offsetTop + this.Input.offsetHeight) + "px";
+ this.DOMResults.style.left = this.Input.offsetLeft + "px";
+ this.DOMResults.style.width = this.Input.clientWidth + "px";
+ },
}, "#" + qinput_id);
// hack, see : https://github.com/autocompletejs/autocomplete.js/issues/37
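Review bot: The `_Position` override added to the AutoComplete options has no comment saying why it is there, so a later cleanup could remove it and bring back the CSP violation the commit message describes. I would put a line above `_Position:function() {` such as `// CSP: replaces autocomplete-js' _Position, which sets setAttribute("style", ...); assign via .style so no inline style is parsed`. The underscore suggests this is a private hook of the library, so if a library update renames it the override would presumably stop applying without any error. It is worth re-checking for CSP style reports in the browser after each autocomplete-js upgrade. The options object passed to `AutoComplete.call` starts outside this hunk.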