Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix end-user-facing uses of inline CSS #13438

Merged
merged 14 commits into from
Apr 28, 2020

Conversation

ClearlyClaire
Copy link
Contributor

@ClearlyClaire ClearlyClaire commented Apr 8, 2020

Mastodon currently relies on inline CSS rules quite a bit, which is often suboptimal code factorization, and overall prevents us from using stricter Content-Security Policies.

This PR removes most of the inline CSS attributes an end-user would run into with the following exceptions:

  • poll vote percentage bars in the JS-less fallback, as there doesn't seem to be any decent way to do this
  • the account migration banner thing, as that uses background images
  • some styling on the two-factor auth screen as I'm not sure where to put that in

It also doesn't fix most of the issues specific to the admin interface.

EDIT: used the progress HTML tag for fallback for poll options, successfully tested with recent Chromium and Firefox versions, as well as with an antiquated Firefox version
EDIT#2: changed the “moved” notice to use image tags
EDIT#3: changed the 2FA styling as well

@ClearlyClaire ClearlyClaire force-pushed the fixes/style_src-unsafe_inline branch from e145556 to 551131e Compare April 10, 2020 11:51
@ClearlyClaire ClearlyClaire requested a review from Gargron April 21, 2020 15:01
@ClearlyClaire ClearlyClaire force-pushed the fixes/style_src-unsafe_inline branch 5 times, most recently from 30b7971 to 7ceb2ce Compare April 24, 2020 14:37
@ClearlyClaire ClearlyClaire force-pushed the fixes/style_src-unsafe_inline branch from 7ceb2ce to 71526dd Compare April 24, 2020 14:40
@ClearlyClaire ClearlyClaire changed the title Fix some uses of inline CSS Fix end-user-facing uses of inline CSS Apr 24, 2020
@ClearlyClaire
Copy link
Contributor Author

No end-user-facing inline CSS should be left, which means that with this PR, unsafe-inline can be removed and not affect users.

However, the admin interface still makes use of inline CSS quite a bit.

@ClearlyClaire ClearlyClaire force-pushed the fixes/style_src-unsafe_inline branch from 3422d68 to ca928c4 Compare April 25, 2020 18:13
@Gargron Gargron merged commit 0e362b7 into mastodon:master Apr 28, 2020
@c960657 c960657 mentioned this pull request Oct 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants