Tighten the content security policies for profiles.
Use template variables instead of CSS variables in Nox for better browser backwards compatibility. Emit a local error instead of an internal error when submitting an activation token as a guest or invalid user. Moved the inline profile scripts into profile_member.js
This commit is contained in:
parent
4d1f80edab
commit
3cb5896316
|
@ -0,0 +1,18 @@
|
||||||
|
function handle_profile_hashbit() {
|
||||||
|
var hash_class = "";
|
||||||
|
switch(window.location.hash.substr(1)) {
|
||||||
|
case "ban_user":
|
||||||
|
hash_class = "ban_user_hash";
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
console.log("Unknown hashbit");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
$(".hash_hide").hide();
|
||||||
|
$("." + hash_class).show();
|
||||||
|
}
|
||||||
|
|
||||||
|
$(document).ready(() => {
|
||||||
|
if(window.location.hash) handle_profile_hashbit();
|
||||||
|
window.addEventListener("hashchange", handle_profile_hashbit, false);
|
||||||
|
});
|
|
@ -673,7 +673,7 @@ func AccountEditEmailTokenSubmit(w http.ResponseWriter, r *http.Request, user co
|
||||||
targetEmail := common.Email{UserID: user.ID}
|
targetEmail := common.Email{UserID: user.ID}
|
||||||
emails, err := common.Emails.GetEmailsByUser(&user)
|
emails, err := common.Emails.GetEmailsByUser(&user)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return common.InternalError(err, w, r)
|
return common.LocalError("You are not logged in", w, r, user)
|
||||||
}
|
}
|
||||||
for _, email := range emails {
|
for _, email := range emails {
|
||||||
if email.Token == token {
|
if email.Token == token {
|
||||||
|
|
|
@ -31,7 +31,7 @@ func init() {
|
||||||
func ViewProfile(w http.ResponseWriter, r *http.Request, user common.User, header *common.Header) common.RouteError {
|
func ViewProfile(w http.ResponseWriter, r *http.Request, user common.User, header *common.Header) common.RouteError {
|
||||||
// TODO: Preload this?
|
// TODO: Preload this?
|
||||||
header.AddSheet(header.Theme.Name + "/profile.css")
|
header.AddSheet(header.Theme.Name + "/profile.css")
|
||||||
header.LooseCSP = true
|
header.AddScript("profile_member.js")
|
||||||
|
|
||||||
var err error
|
var err error
|
||||||
var replyCreatedAt time.Time
|
var replyCreatedAt time.Time
|
||||||
|
|
|
@ -114,26 +114,4 @@
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
{{if .CurrentUser.Loggedin}}
|
{{template "footer.html" . }}
|
||||||
{{/** Quick subpage switcher **/}}
|
|
||||||
{{/** TODO: Stop inlining this **/}}
|
|
||||||
<script type="text/javascript">
|
|
||||||
function handle_profile_hashbit() {
|
|
||||||
var hash_class = ""
|
|
||||||
switch(window.location.hash.substr(1)) {
|
|
||||||
case "ban_user":
|
|
||||||
hash_class = "ban_user_hash"
|
|
||||||
break
|
|
||||||
default:
|
|
||||||
console.log("Unknown hashbit")
|
|
||||||
return
|
|
||||||
}
|
|
||||||
$(".hash_hide").hide()
|
|
||||||
$("." + hash_class).show()
|
|
||||||
}
|
|
||||||
if(window.location.hash) handle_profile_hashbit()
|
|
||||||
window.addEventListener("hashchange", handle_profile_hashbit, false)
|
|
||||||
</script>
|
|
||||||
{{end}}
|
|
||||||
|
|
||||||
{{template "footer.html" . }}
|
|
|
@ -1,9 +1,6 @@
|
||||||
:root {
|
{{$darkest_bg := "#222222"}}
|
||||||
--darkest-background: #222222;
|
{{$second_dark_bg := "#292929"}}
|
||||||
--second-dark-background: #292929;
|
{{$third_dark_bg := "#333333"}}
|
||||||
--third-dark-background: #333333;
|
|
||||||
}
|
|
||||||
|
|
||||||
* {
|
* {
|
||||||
box-sizing: border-box;
|
box-sizing: border-box;
|
||||||
}
|
}
|
||||||
|
@ -11,7 +8,7 @@ body {
|
||||||
margin: 0px;
|
margin: 0px;
|
||||||
padding: 0px;
|
padding: 0px;
|
||||||
color: #AAAAAA;
|
color: #AAAAAA;
|
||||||
background-color: var(--darkest-background);
|
background-color: {{$darkest_bg}};
|
||||||
font-family: "Segoe UI";
|
font-family: "Segoe UI";
|
||||||
}
|
}
|
||||||
a {
|
a {
|
||||||
|
@ -20,7 +17,7 @@ a {
|
||||||
}
|
}
|
||||||
|
|
||||||
nav.nav {
|
nav.nav {
|
||||||
background: var(--darkest-background);
|
background: {{$darkest_bg}};
|
||||||
width: calc(100% - 200px);
|
width: calc(100% - 200px);
|
||||||
float: left;
|
float: left;
|
||||||
}
|
}
|
||||||
|
@ -103,7 +100,7 @@ li a {
|
||||||
.right_of_nav {
|
.right_of_nav {
|
||||||
float: left;
|
float: left;
|
||||||
width: 200px;
|
width: 200px;
|
||||||
background-color: var(--darkest-background);
|
background-color: {{$darkest_bg}};
|
||||||
padding-top: 12px;
|
padding-top: 12px;
|
||||||
padding-bottom: 12px;
|
padding-bottom: 12px;
|
||||||
padding-right: 12px;
|
padding-right: 12px;
|
||||||
|
@ -112,7 +109,7 @@ li a {
|
||||||
display: flex;
|
display: flex;
|
||||||
flex-direction: row;
|
flex-direction: row;
|
||||||
border-radius: 3px;
|
border-radius: 3px;
|
||||||
background-color: var(--third-dark-background);
|
background-color: {{$third_dark_bg}};
|
||||||
padding-top: 11px;
|
padding-top: 11px;
|
||||||
padding-bottom: 11px;
|
padding-bottom: 11px;
|
||||||
padding-left: 12px;
|
padding-left: 12px;
|
||||||
|
@ -143,7 +140,7 @@ li a {
|
||||||
clear: both;
|
clear: both;
|
||||||
}
|
}
|
||||||
#back {
|
#back {
|
||||||
background: var(--third-dark-background);
|
background: {{$third_dark_bg}};
|
||||||
padding: 24px;
|
padding: 24px;
|
||||||
padding-top: 12px;
|
padding-top: 12px;
|
||||||
clear: both;
|
clear: both;
|
||||||
|
@ -1294,7 +1291,7 @@ input[type=checkbox]:checked + label .sel {
|
||||||
|
|
||||||
@media(min-width: 1010px) {
|
@media(min-width: 1010px) {
|
||||||
.container {
|
.container {
|
||||||
background-color: var(--second-dark-background);
|
background-color: {{$second_dark_bg}};
|
||||||
}
|
}
|
||||||
#back, .footer {
|
#back, .footer {
|
||||||
width: 1000px;
|
width: 1000px;
|
||||||
|
|
Loading…
Reference in New Issue