From 8bf3cae6ac89de9569a7ec629594954804a2b55a Mon Sep 17 00:00:00 2001 From: Osmium Sorcerer Date: Sat, 6 Jun 2026 02:27:32 +0000 Subject: CSP hardening: remove inline styles Similar to removal of inline scripts, everything was taken out into the CSS files, with the same styles applied there directly. This lets us use `script-src 'self'` in the CSP. Additionally, serve Golden Layout CSS locally to avoid third-party connection. --- webAO/packets/handlers/handleFL.ts | 14 +++++++------- webAO/packets/handlers/handlePV.ts | 5 +---- 2 files changed, 8 insertions(+), 11 deletions(-) (limited to 'webAO/packets') diff --git a/webAO/packets/handlers/handleFL.ts b/webAO/packets/handlers/handleFL.ts index 5479f4ef..b9647f14 100644 --- a/webAO/packets/handlers/handleFL.ts +++ b/webAO/packets/handlers/handleFL.ts @@ -19,24 +19,24 @@ export const handleFL = (args: string[]) => { } if (args.includes("cccc_ic_support")) { - document.getElementById("cccc")!.style.display = ""; - document.getElementById("pairing")!.style.display = ""; + document.getElementById("cccc")!.classList.remove("nodisplay"); + document.getElementById("pairing")!.classList.remove("nodisplay"); } if (args.includes("flipping")) { - document.getElementById("button_flip")!.style.display = ""; + document.getElementById("button_flip")!.classList.remove("nodisplay"); } if (args.includes("looping_sfx")) { - document.getElementById("button_shake")!.style.display = ""; - document.getElementById("2.7")!.style.display = ""; + document.getElementById("button_shake")!.classList.remove("nodisplay"); + document.getElementById("2.7")!.classList.remove("nodisplay"); } if (args.includes("effects")) { - document.getElementById("2.8")!.style.display = ""; + document.getElementById("2.8")!.classList.remove("nodisplay"); } if (args.includes("y_offset")) { - document.getElementById("y_offset")!.style.display = ""; + document.getElementById("y_offset")!.classList.remove("nodisplay"); } }; diff --git a/webAO/packets/handlers/handlePV.ts b/webAO/packets/handlers/handlePV.ts index 2e14ad2f..28eaf741 100644 --- a/webAO/packets/handlers/handlePV.ts +++ b/webAO/packets/handlers/handlePV.ts @@ -99,9 +99,6 @@ export const handlePV = async (args: string[]) => { `${AO_HOST}characters/${encodeURI(me.name)}/custom.gif`, ) ) { - document.getElementById("button_4")!.style.display = ""; - } else { - document.getElementById("button_4")!.style.display = "none"; + document.getElementById("button_4")!.classList.remove("nodisplay"); } - }; -- cgit