diff options
| author | Osmium Sorcerer <os@sof.beauty> | 2026-06-06 02:27:32 +0000 |
|---|---|---|
| committer | Osmium Sorcerer <os@sof.beauty> | 2026-06-06 03:09:27 +0000 |
| commit | 8bf3cae6ac89de9569a7ec629594954804a2b55a (patch) | |
| tree | d897073049c414e15dd33c0ad1dac4345801b22e /webAO/packets/handlers | |
| parent | e0ce108e0806d18353ad85125b2b5f1b1c67e07d (diff) | |
CSP hardening: remove inline styles
Similar to removal of inline scripts, everything was taken out into the
CSS files, with the same styles applied there directly. This lets us
use `script-src 'self'` in the CSP.
Additionally, serve Golden Layout CSS locally to avoid third-party
connection.
Diffstat (limited to 'webAO/packets/handlers')
| -rw-r--r-- | webAO/packets/handlers/handleFL.ts | 14 | ||||
| -rw-r--r-- | webAO/packets/handlers/handlePV.ts | 5 |
2 files changed, 8 insertions, 11 deletions
diff --git a/webAO/packets/handlers/handleFL.ts b/webAO/packets/handlers/handleFL.ts index 5479f4ef..b9647f14 100644 --- a/webAO/packets/handlers/handleFL.ts +++ b/webAO/packets/handlers/handleFL.ts @@ -19,24 +19,24 @@ export const handleFL = (args: string[]) => { } if (args.includes("cccc_ic_support")) { - document.getElementById("cccc")!.style.display = ""; - document.getElementById("pairing")!.style.display = ""; + document.getElementById("cccc")!.classList.remove("nodisplay"); + document.getElementById("pairing")!.classList.remove("nodisplay"); } if (args.includes("flipping")) { - document.getElementById("button_flip")!.style.display = ""; + document.getElementById("button_flip")!.classList.remove("nodisplay"); } if (args.includes("looping_sfx")) { - document.getElementById("button_shake")!.style.display = ""; - document.getElementById("2.7")!.style.display = ""; + document.getElementById("button_shake")!.classList.remove("nodisplay"); + document.getElementById("2.7")!.classList.remove("nodisplay"); } if (args.includes("effects")) { - document.getElementById("2.8")!.style.display = ""; + document.getElementById("2.8")!.classList.remove("nodisplay"); } if (args.includes("y_offset")) { - document.getElementById("y_offset")!.style.display = ""; + document.getElementById("y_offset")!.classList.remove("nodisplay"); } }; diff --git a/webAO/packets/handlers/handlePV.ts b/webAO/packets/handlers/handlePV.ts index 2e14ad2f..28eaf741 100644 --- a/webAO/packets/handlers/handlePV.ts +++ b/webAO/packets/handlers/handlePV.ts @@ -99,9 +99,6 @@ export const handlePV = async (args: string[]) => { `${AO_HOST}characters/${encodeURI(me.name)}/custom.gif`, ) ) { - document.getElementById("button_4")!.style.display = ""; - } else { - document.getElementById("button_4")!.style.display = "none"; + document.getElementById("button_4")!.classList.remove("nodisplay"); } - }; |