From 8bf3cae6ac89de9569a7ec629594954804a2b55a Mon Sep 17 00:00:00 2001 From: Osmium Sorcerer Date: Sat, 6 Jun 2026 02:27:32 +0000 Subject: CSP hardening: remove inline styles Similar to removal of inline scripts, everything was taken out into the CSS files, with the same styles applied there directly. This lets us use `script-src 'self'` in the CSP. Additionally, serve Golden Layout CSS locally to avoid third-party connection. --- webAO/packets/handlers/handleFL.ts | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'webAO/packets/handlers/handleFL.ts') diff --git a/webAO/packets/handlers/handleFL.ts b/webAO/packets/handlers/handleFL.ts index 5479f4ef..b9647f14 100644 --- a/webAO/packets/handlers/handleFL.ts +++ b/webAO/packets/handlers/handleFL.ts @@ -19,24 +19,24 @@ export const handleFL = (args: string[]) => { } if (args.includes("cccc_ic_support")) { - document.getElementById("cccc")!.style.display = ""; - document.getElementById("pairing")!.style.display = ""; + document.getElementById("cccc")!.classList.remove("nodisplay"); + document.getElementById("pairing")!.classList.remove("nodisplay"); } if (args.includes("flipping")) { - document.getElementById("button_flip")!.style.display = ""; + document.getElementById("button_flip")!.classList.remove("nodisplay"); } if (args.includes("looping_sfx")) { - document.getElementById("button_shake")!.style.display = ""; - document.getElementById("2.7")!.style.display = ""; + document.getElementById("button_shake")!.classList.remove("nodisplay"); + document.getElementById("2.7")!.classList.remove("nodisplay"); } if (args.includes("effects")) { - document.getElementById("2.8")!.style.display = ""; + document.getElementById("2.8")!.classList.remove("nodisplay"); } if (args.includes("y_offset")) { - document.getElementById("y_offset")!.style.display = ""; + document.getElementById("y_offset")!.classList.remove("nodisplay"); } }; -- cgit