From 8bf3cae6ac89de9569a7ec629594954804a2b55a Mon Sep 17 00:00:00 2001
From: Osmium Sorcerer <os@sof.beauty>
Date: Sat, 6 Jun 2026 02:27:32 +0000
Subject: CSP hardening: remove inline styles

Similar to removal of inline scripts, everything was taken out into the
CSS files, with the same styles applied there directly. This lets us
use `script-src 'self'` in the CSP.

Additionally, serve Golden Layout CSS locally to avoid third-party
connection.
---
 webAO/packets/handlers/handlePV.ts | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

(limited to 'webAO/packets/handlers/handlePV.ts')

diff --git a/webAO/packets/handlers/handlePV.ts b/webAO/packets/handlers/handlePV.ts
index 2e14ad2..28eaf74 100644
--- a/webAO/packets/handlers/handlePV.ts
+++ b/webAO/packets/handlers/handlePV.ts
@@ -99,9 +99,6 @@ export const handlePV = async (args: string[]) => {
       `${AO_HOST}characters/${encodeURI(me.name)}/custom.gif`,
     )
   ) {
-    document.getElementById("button_4")!.style.display = "";
-  } else {
-    document.getElementById("button_4")!.style.display = "none";
+    document.getElementById("button_4")!.classList.remove("nodisplay");
   }
-
 };
-- 
cgit