forked from OpenNeo/impress
Dress to Impress, a big fancy Neopets customization tool!
Emi Matchu 38bad12778 Fix item animations for asset URLs that contain unescaped spaces
Before this change, the "Ornamental Lake with Goldies" item would fail
to preview on the item page: the iframe for the animation layer would
display an error page.

The error was:

```
Invalid Content Security Policy script-src: "https://images.neopets.com/cp/items/data/000/000/497/497366_deca9f2827/497366_HTML5 Canvas.js". Directive values must not contain whitespace or semicolons. Please use multiple arguments or other directive methods instead. (ActionDispatch::ContentSecurityPolicy::InvalidDirectiveError)
```

This is because the URL that Neopets sends us for this JS file contains
an unescaped space character. This isn't usually an issue for e.g.
loading a URL in the browser, but it's *not* valid syntax for inclusion
in a Content Security Policy.

In this change, we update our CSP code to parse URLs into
`Addressable::URI` objects, which enables us to call the `normalize!`
method, which fixes oddities like that.

The URL now correctly appears in the CSP as
`https://images.neopets.com/cp/items/data/000/000/497/497366_deca9f2827/497366_HTML5%20Canvas.js`.
2025-03-29 14:45:41 -07:00
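
An added example (not code from this repository) showing why the unescaped space breaks the policy and what escaping changes. It swaps a hand-written, stdlib-only percent-encoder in for the `Addressable::URI#normalize!` call the commit describes, and additionally encodes `;` and `,`; the names `csp_source`, `script_src`, `sources_in`, `valid_directive_value?` and the second URL are constructed for illustration.

```ruby
require "uri"

class InvalidCspSource < StandardError; end

# Anything outside this set is percent-encoded. "%" stays, so existing escapes
# survive; space, ";" and "," are absent because CSP treats them as separators.
NEEDS_ESCAPE = %r{[^A-Za-z0-9\-._~:/?@!$&'()*+=%\#]}

# The rule quoted in the error message: no whitespace or semicolons in a value.
def valid_directive_value?(source)
  !source.match?(/[[:space:];]/)
end

# Stdlib stand-in (assumption) for the Addressable::URI#normalize! step.
def csp_source(url)
  escaped = url.strip.gsub(NEEDS_ESCAPE) do |ch|
    ch.bytes.map { |b| format("%%%02X", b) }.join
  end
  uri = URI.parse(escaped)
  unless uri.is_a?(URI::HTTPS) && uri.host
    raise InvalidCspSource, "not an https URL: #{url.inspect}"
  end
  escaped
rescue URI::InvalidURIError => e
  raise InvalidCspSource, e.message
end

def script_src(urls)
  (["script-src"] + urls.map { |u| csp_source(u) }).join(" ")
end

# How a policy parser tokenizes a directive: name first, sources split on whitespace.
def sources_in(directive)
  directive.split(/\s+/).drop(1)
end

# URL from the commit message, plus a constructed one containing ";" and a space.
RAW = "https://images.neopets.com/cp/items/data/000/000/497/497366_deca9f2827/497366_HTML5 Canvas.js"
CONSTRUCTED = "https://images.neopets.com/a;b c.js"

if __FILE__ == $PROGRAM_NAME
  puts sources_in("script-src #{RAW}").inspect  # unescaped: two sources
  puts script_src([RAW, CONSTRUCTED])           # escaped: one source per URL
end
```

Left unescaped, the space would make a policy parser read the URL as two separate sources, and a `;` would end the directive early, which is why URLs received from a third party are escaped before they are placed in the header.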
| Name | Last commit | Date |
| --- | --- | --- |
| .devcontainer | Save last trade activity time onto User | 2024-01-19 00:00:46 -08:00 |
| .husky | Add RSpec to the commit hook | 2024-10-24 15:22:39 -07:00 |
| app | Fix item animations for asset URLs that contain unescaped spaces | 2025-03-29 14:45:41 -07:00 |
| bin | Run rails app:update to update config files | 2025-01-12 12:36:18 -08:00 |
| config | Add workarounds for new Neopets.com security rules | 2025-03-29 14:14:46 -07:00 |
| db | Add configurable full name field to alt styles | 2025-02-15 21:52:47 -08:00 |
| deploy | Upgrade to Ruby 3.3.7 | 2025-03-29 13:12:35 -07:00 |
| lib | Add workarounds for new Neopets.com security rules | 2025-03-29 14:14:46 -07:00 |
| public | Run rails app:update to update config files | 2025-01-12 12:36:18 -08:00 |
| spec | Add configurable full name field to alt styles | 2025-02-15 21:52:47 -08:00 |
| test | Add assets to modeling tests, and also uhh some other fixes | 2024-10-21 16:46:10 -07:00 |
| vendor | Upgrade to Ruby 3.3.7 | 2025-03-29 13:12:35 -07:00 |
| .eslintrc.json | Set up eslint for wardrobe-2020 | 2023-11-02 18:11:07 -07:00 |
| .gitignore | Improve Solargraph LSP in our spec files | 2024-11-19 11:28:36 -08:00 |
| .rspec | Move modeling tests to RSpec | 2024-10-21 16:03:58 -07:00 |
| .ruby-version | Upgrade to Ruby 3.3.7 | 2025-03-29 13:12:35 -07:00 |
| .solargraph.yml | Add Solargraph autocomplete while in development | 2024-07-01 15:35:39 -07:00 |
| .yarnrc.yml | Upgrade to Yarn 4.0.2 | 2024-01-14 23:05:53 -08:00 |
| config.ru | Upgrade to Rails 6.1.7.4 | 2023-10-23 19:05:07 -07:00 |
| falcon.rb | Remove supervisor from the Falcon process? | 2024-01-24 00:20:23 -08:00 |
| Gemfile | Upgrade to Ruby 3.3.7 | 2025-03-29 13:12:35 -07:00 |
| Gemfile.lock | Upgrade to Ruby 3.3.7 | 2025-03-29 13:12:35 -07:00 |
| LICENSE.md | Update GitHub links to point to our self-hosted OpenNeo Code | 2024-02-29 11:24:21 -08:00 |
| package.json | Upgrade to Yarn 4.5.0 | 2024-09-20 12:47:54 -07:00 |
| Procfile.dev | Use local-only HTTPS certs for the development neopass-server | 2024-03-14 18:01:54 -07:00 |
| Rakefile | Uninstall resque | 2023-10-23 19:05:04 -07:00 |
| README.md | Oops, needs to be a README.md file! | 2023-10-25 16:31:41 -07:00 |
| yarn.lock | Upgrade typescript-eslint dependencies | 2024-05-06 15:08:37 -07:00 |

Dress to Impress

Oh! We've been revitalizing the Rails app! Fun!

There'll be more to say about it here soon :3