From: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
To: meta@public-inbox.org
Subject: [PATCH] Duplicate base css definitions in stylesheets
Date: Mon, 16 Aug 2021 10:50:15 -0400 [thread overview]
Message-ID: <20210816145015.2tbjqkozb6ezfkvj@nitro.local> (raw)
All pages carry the following inlined css declaration:
<style>pre{white-space:pre-wrap}*{font-size:100%;font-family:monospace}</style>
However, site security policies may deliberately prohibit execution of
inline content such as scripts and stylesheets as an extra layer of
protection against XSS vulnerabilities. For example, with the following
HTTP headers returned by the server, the inline styles above will be
ignored:
Content-Security-Policy: default-src 'self'
This causes public-inbox content to be rendered poorly on mobile devices
due to the default <pre> behaviour. Duplicating this declaration into
the contrib stylesheets makes sure that these styles are applied even
with the strictest security policies in place.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
---
contrib/css/216dark.css | 3 ++-
contrib/css/216light.css | 3 ++-
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/contrib/css/216dark.css b/contrib/css/216dark.css
index 02804cbd..1277a49a 100644
--- a/contrib/css/216dark.css
+++ b/contrib/css/216dark.css
@@ -5,7 +5,8 @@
* It reduces eyestrain for me, and energy usage for all:
* https://en.wikipedia.org/wiki/Light-on-dark_color_scheme
*/
-* { background:#000; color:#ccc }
+* { font-size: 100%; font-family: monospace; background:#000; color:#ccc }
+pre { white-space: pre-wrap }
/*
* Underlined links add visual noise which make them hard-to-read.
diff --git a/contrib/css/216light.css b/contrib/css/216light.css
index c66cfdfe..741214c9 100644
--- a/contrib/css/216light.css
+++ b/contrib/css/216light.css
@@ -4,7 +4,8 @@
* Suitable for print, and blinding people with brightness.
* Haphazardly thrown together because bright colors hurt my eyes
*/
-* { background:#fff; color:#333 }
+* { font-size: 100%; font-family: monospace; background:#fff; color:#333 }
+pre { white-space: pre-wrap }
/*
* Underlined links add visual noise which make them hard-to-read.
base-commit: 0a3bcc909a9b023755079ee57f347f33aac75d3e
--
2.31.1
next reply other threads:[~2021-08-16 14:50 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-16 14:50 Konstantin Ryabitsev [this message]
2021-08-16 22:21 ` [PATCH] Duplicate base css definitions in stylesheets Eric Wong
2021-08-17 14:06 ` Konstantin Ryabitsev
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://public-inbox.org/README
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210816145015.2tbjqkozb6ezfkvj@nitro.local \
--to=konstantin@linuxfoundation.org \
--cc=meta@public-inbox.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).