dice/impress
1
0
Fork 0
forked from OpenNeo/impress
Code Pull requests Activity
impress/app/controllers
History
Emi Matchu 38bad12778 Fix item animations for asset URLs that contain unescaped spaces 
Before this change, the "Ornamental Lake with Goldies" item would fail
to preview on the item page: the iframe for the animation layer would
display an error page.

The error was:

```
Invalid Content Security Policy script-src: "https://images.neopets.com/cp/items/data/000/000/497/497366_deca9f2827/497366_HTML5 Canvas.js". Directive values must not contain whitespace or semicolons. Please use multiple arguments or other directive methods instead. (ActionDispatch::ContentSecurityPolicy::InvalidDirectiveError)
```

This is because the URL that Neopets sends us for this JS file contains
an unescaped space character. This isn't usually an issue for e.g.
loading a URL in the browser, but it's *not* valid syntax for inclusion
in a Content Security Policy.

In this change, we update our CSP code to parse URLs into
`Addressable::URI` objects, which enables us to call the `normalize!`
method, which fixes oddities like that.

The URL now correctly appears in the CSP as
`https://images.neopets.com/cp/items/data/000/000/497/497366_deca9f2827/497366_HTML5%20Canvas.js`.
2025-03-29 14:45:41 -07:00
..
devise Connect a NeoPass to an existing account 2024-04-08 05:33:58 -07:00
fundraising Move most fundraising files into a Fundraising module 2024-02-18 20:12:14 -08:00
about_controller.rb Add first draft of /about/neopass page 2024-03-12 17:58:44 -07:00
alt_styles_controller.rb Add configurable full name field to alt styles 2025-02-15 21:52:47 -08:00
application_controller.rb Move support_staff? method into ApplicationController 2024-12-01 11:12:24 -08:00
auth_users_controller.rb Fix bugs in Settings page when changes to the model are incomplete 2024-04-09 06:34:06 -07:00
closet_hangers_controller.rb Add Support form for users, with shadowban option 2025-02-16 09:32:52 -08:00
closet_lists_controller.rb Disallow email addresses in closet list descriptions 2024-04-16 17:04:31 -07:00
contributions_controller.rb Migrate away from item translations in contributions 2024-02-20 15:52:10 -08:00
item_appearances_controller.rb Load item page restricted zones data from Rails app, not impress-2020 2023-11-11 08:49:19 -08:00
item_trades_controller.rb Oops, load the data for the bulk item quantity form on the trades page! 2024-01-21 06:42:24 -08:00
items_controller.rb Oops, fix silly mistake when combining zones by label on the item page 2025-01-02 19:39:53 -08:00
locales_controller.rb locale cookie should be long-term, not a session cookie 2013-01-11 11:48:40 -06:00
neopass_connections_controller.rb Use Neopets username as base name for new NeoPass accounts, if possible 2024-04-09 07:48:13 -07:00
neopets_connections_controller.rb closet hangers index uses neopets connections dropdown 2014-01-18 22:50:14 -06:00
neopets_page_import_tasks_controller.rb Fix petpage etc import 2023-11-06 12:59:28 -08:00
outfits_controller.rb Remove careful SQL-selecting on homepage 2024-11-20 10:44:33 -08:00
pet_states_controller.rb Update pet state bulk-labeling to skip to next unlabeled if desired 2024-12-08 10:08:39 -08:00
pet_types_controller.rb Add "Support summary" section to Rainbow Pool 2024-12-01 11:13:21 -08:00
pets_controller.rb Reapply changes to how disabling modeling works 2024-11-10 11:39:51 -08:00
sitemap_controller.rb Migrate away from item translations in misc pages 2024-02-20 15:53:56 -08:00
swf_assets_controller.rb Fix item animations for asset URLs that contain unescaped spaces 2025-03-29 14:45:41 -07:00
users_controller.rb Add Support form for users, with shadowban option 2025-02-16 09:32:52 -08:00