From 8bf3cae6ac89de9569a7ec629594954804a2b55a Mon Sep 17 00:00:00 2001
From: Osmium Sorcerer <os@sof.beauty>
Date: Sat, 6 Jun 2026 02:27:32 +0000
Subject: CSP hardening: remove inline styles

Similar to removal of inline scripts, everything was taken out into the
CSS files, with the same styles applied there directly. This lets us
use `script-src 'self'` in the CSP.

Additionally, serve Golden Layout CSS locally to avoid third-party
connection.
---
 webAO/dom/toggleElement.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'webAO/dom/toggleElement.js')

diff --git a/webAO/dom/toggleElement.js b/webAO/dom/toggleElement.js
index 76a1c633..c87561d0 100644
--- a/webAO/dom/toggleElement.js
+++ b/webAO/dom/toggleElement.js
@@ -4,10 +4,10 @@
  */
 export function toggleElement(elementId) {
   const element = document.getElementById(elementId);
-  if (element.style.display !== "none") {
-    element.style.display = "none";
+  if ("nodisplay" in element.classList) {
+    element.classList.remove("nodisplay");
   } else {
-    element.style.display = "block";
+    element.classList.add("nodisplay");
   }
 }
 window.toggleElement = toggleElement;
-- 
cgit