Removing inline styles and improving CSP

Author: stever

apps/proxy/prod.Caddyfile

@@ -30,7 +30,7 @@
 
             # Production CSP
             # Using hash for inline script instead of 'unsafe-inline'
-            Content-Security-Policy "default-src 'none'; script-src 'self' 'wasm-unsafe-eval' 'sha256-HlD9D/WlEaVKKAvDnldsXkj/nllO8aCRBvtofUTEnGQ='; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' wss://*.zxcoder.org https://*.zxcoder.org; worker-src 'self' blob:; child-src 'self' blob:; frame-src 'none'; frame-ancestors 'none'; object-src 'none'; base-uri 'self'; form-action 'self'; manifest-src 'self'; media-src 'self'; upgrade-insecure-requests; block-all-mixed-content"
+            Content-Security-Policy "default-src 'none'; script-src 'self' 'wasm-unsafe-eval' 'sha256-HlD9D/WlEaVKKAvDnldsXkj/nllO8aCRBvtofUTEnGQ='; style-src 'self'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' wss://*.zxcoder.org https://*.zxcoder.org; worker-src 'self' blob:; child-src 'self' blob:; frame-src 'none'; frame-ancestors 'none'; object-src 'none'; base-uri 'self'; form-action 'self'; manifest-src 'self'; media-src 'self'; upgrade-insecure-requests; block-all-mixed-content"
 
             # CSP Report endpoint (optional - set up monitoring)
             # Report-To "{\"group\":\"csp-endpoint\",\"max_age\":10886400,\"endpoints\":[{\"url\":\"https://your-report-collector.example.com/csp-reports\"}]}"

apps/web/package.json

@@ -77,6 +77,7 @@
     "html-webpack-plugin": "^5.6.4",
     "jest": "^30.2.0",
     "jest-transform-stub": "^2.0.0",
+    "mini-css-extract-plugin": "^2.9.4",
     "npm-run-all": "^4.1.5",
     "npm-watch": "^0.13.0",
     "process": "^0.11.10",

apps/web/public/index.html

@@ -23,8 +23,8 @@
     <meta name="twitter:title" content="Code . ZX Play">
     <meta name="twitter:description" content="A ZX Spectrum emulator & programming environment for the browser.">
     <meta name="twitter:image" content="/assets/images/embed-preview.png">
-    <meta http-equiv="Content-Security-Policy" content="default-src 'none'; script-src 'self' 'wasm-unsafe-eval' 'sha256-HlD9D/WlEaVKKAvDnldsXkj/nllO8aCRBvtofUTEnGQ='; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' wss://*.zxcoder.org https://*.zxcoder.org; worker-src 'self' blob:; child-src 'self' blob:; frame-src 'none'; frame-ancestors 'none'; object-src 'none'; base-uri 'self'; form-action 'self'; manifest-src 'self'; media-src 'self'">
     <link rel="stylesheet" type="text/css" href="/style.css?ver=<%= buildVersion %>">
+    <link rel="stylesheet" type="text/css" href="/dist/main.css?ver=<%= buildVersion %>">
 </head>
 <body>
 <div id="root"></div>

apps/web/public/style.css

@@ -138,3 +138,227 @@ code {
 .mobile .p-tabview-panels {
     padding: 0 !important;
 }
+
+/* Utility classes for inline style replacements */
+.text-center {
+    text-align: center;
+}
+
+.full-width-grid {
+    width: 100%;
+    padding: 0;
+    margin: 0;
+}
+
+.col-no-padding {
+    padding: 0;
+}
+
+.height-53 {
+    height: 53px;
+}
+
+.max-width-1024 {
+    max-width: 1024px;
+    margin: auto;
+}
+
+.margin-top-8 {
+    margin-top: 8px;
+}
+
+.dialog-width-450 {
+    width: 450px;
+}
+
+.min-height-400 {
+    min-height: 400px;
+}
+
+.text-nowrap-min-160 {
+    white-space: nowrap;
+    min-width: 160px;
+}
+
+.user-select-none {
+    user-select: none;
+}
+
+.col-width-34-mobile-70 {
+    width: 34%;
+}
+
+.col-width-22-mobile-30 {
+    width: 22%;
+}
+
+.col-width-22 {
+    width: 22%;
+}
+
+.card-bg-dark {
+    background-color: #2c2c2c;
+}
+
+.avatar-editor-container {
+    display: grid;
+    grid-template-columns: auto auto;
+    gap: 20px;
+    justify-content: center;
+    align-items: start;
+}
+
+.avatar-canvas-container {
+    display: flex;
+    flex-direction: column;
+    align-items: center;
+    gap: 10px;
+}
+
+.avatar-controls {
+    width: 200px;
+}
+
+.color-picker {
+    display: flex;
+    flex-wrap: wrap;
+    gap: 5px;
+    margin-top: 10px;
+}
+
+.color-swatch {
+    width: 30px;
+    height: 30px;
+    cursor: pointer;
+    border: 2px solid transparent;
+}
+
+.color-swatch:hover {
+    border-color: #fff;
+}
+
+.avatar-selector-dialog {
+    width: 600px;
+}
+
+.avatar-option {
+    cursor: pointer;
+    border: 2px solid transparent;
+    padding: 5px;
+}
+
+.avatar-option:hover {
+    border-color: #fff;
+}
+
+.avatar-button-min-80 {
+    min-width: 80px;
+    text-align: center;
+}
+
+.avatar-preview-centered {
+    padding-top: 10px;
+}
+
+.tag-user-icon {
+    background-color: #2c2c2c;
+    color: #ffffff;
+}
+
+.editor-dialog-50vw {
+    width: 50vw;
+}
+
+.profile-header {
+    display: flex;
+    gap: 20px;
+    align-items: center;
+}
+
+.profile-avatar {
+    flex-shrink: 0;
+}
+
+.profile-info {
+    flex: 1;
+}
+
+.profile-username {
+    font-size: 12px;
+    color: #aaa;
+}
+
+.profile-bio {
+    margin-top: 10px;
+    padding: 10px;
+    background-color: #2c2c2c;
+    border-radius: 4px;
+}
+
+.profile-stats {
+    display: flex;
+    gap: 20px;
+    margin-top: 10px;
+}
+
+.profile-stat-item {
+    cursor: pointer;
+}
+
+.profile-stat-item:hover {
+    text-decoration: underline;
+}
+
+.activity-card-bg {
+    background-color: #2c2c2c;
+    margin-bottom: 15px;
+    cursor: pointer;
+}
+
+.activity-card-bg:hover {
+    background-color: #333;
+}
+
+.activity-item-header {
+    display: flex;
+    justify-content: space-between;
+    align-items: center;
+    margin-bottom: 10px;
+}
+
+.activity-item-user {
+    display: flex;
+    align-items: center;
+    gap: 10px;
+}
+
+.activity-item-content {
+    padding-left: 40px;
+}
+
+.activity-timestamp {
+    font-size: 12px;
+    color: #aaa;
+}
+
+.follow-list-dialog {
+    background-color: #2c2c2c;
+}
+
+.follow-list-header {
+    display: flex;
+    justify-content: space-between;
+    align-items: center;
+    padding: 15px;
+    border-bottom: 1px solid #444;
+}
+
+@media (max-width: 768px) {
+    .col-width-34-mobile-70 {
+        width: 70%;
+    }
+    
+    .col-width-22-mobile-30 {
+        width: 30%;
+    }
+}

apps/web/src/components/ActivityFeed.jsx

@@ -61,8 +61,7 @@ export default function ActivityFeed() {
   if (feedLoading) {
     return (
       <div
-        className="flex justify-content-center align-items-center"
-        style={{ minHeight: "400px" }}
+        className="flex justify-content-center align-items-center min-height-400"
       >
         <ProgressSpinner />
       </div>
@@ -105,10 +104,9 @@ export default function ActivityFeed() {
                     >
                       <Link to={projectUrl} className="no-underline">
                         <Card
-                          className="h-full hover:shadow-5 transition-all transition-duration-200 cursor-pointer overflow-hidden"
+                          className="h-full hover:shadow-5 transition-all transition-duration-200 cursor-pointer overflow-hidden card-bg-dark"
                           style={{
                             border: "none",
-                            backgroundColor: "#2c2c2c",
                           }}
                         >
                           <div className="flex flex-column h-full relative">

apps/web/src/components/AvatarPixelEditor.jsx

@@ -147,7 +147,7 @@ export default function AvatarPixelEditor({ identifier, onSave, onCancel }) {
           </div>
 
           <div
-            className="pixel-canvas"
+            className="pixel-canvas user-select-none"
             onMouseUp={handleMouseUp}
             onMouseLeave={handleMouseUp}
             style={{
@@ -156,7 +156,6 @@ export default function AvatarPixelEditor({ identifier, onSave, onCancel }) {
               borderRadius: "4px",
               backgroundColor: "#1a1a1a",
               padding: "8px",
-              userSelect: "none",
             }}
           >
             <div

apps/web/src/components/AvatarSelector.jsx

@@ -87,8 +87,7 @@ export default function AvatarSelector({
             disabled={currentPage === 0}
           />
           <span
-            className="text-sm px-1"
-            style={{ minWidth: "80px", textAlign: "center" }}
+            className="text-sm px-1 avatar-button-min-80"
           >
             Page {currentPage + 1}/{totalPages}
           </span>
@@ -129,7 +128,6 @@ export default function AvatarSelector({
       visible={visible}
       onHide={onHide}
       footer={footer}
-      style={{ width: "600px" }}
       className="avatar-selector-dialog"
     >
       <TabView
@@ -178,7 +176,7 @@ export default function AvatarSelector({
             ))}
           </div>
 
-          <div className="text-center mt-2" style={{ paddingTop: "10px" }}>
+          <div className="text-center mt-2 avatar-preview-centered">
             <small className="text-500">
               Tip: Use arrow buttons to browse more patterns, or click Randomize
               for a surprise!

apps/web/src/components/DemoAssemblyEditor.jsx

@@ -38,7 +38,7 @@ export function DemoAssemblyEditor() {
       <Button
         label="Play"
         icon="pi pi-play"
-        style={{ marginTop: "8px" }}
+        className="margin-top-8"
         onClick={() => {
           dashboardLock();
           dispatch(runAssembly());

apps/web/src/components/DemoSinclairBasicEditor.jsx

@@ -38,7 +38,7 @@ export function DemoSinclairBasicEditor() {
             <Button
                 label="Play"
                 icon="pi pi-play"
-                style={{marginTop: "8px"}}
+                className="margin-top-8"
                 onClick={() => {
                     dashboardLock();
                     dispatch(runSinclairBasic());

apps/web/src/components/ErrorPage.jsx

@@ -25,7 +25,7 @@ export default function ErrorPage({msg}) {
 
     return (
         <Titled title={(s) => `Error ${sep} ${s}`}>
-            <Card className="m-2" style={{textAlign: 'center'}}>
+            <Card className="m-2 text-center">
                 <div className="m-4">
                     <p>Sorry, an unexpected error occurred.</p>
                     <p>Error message is:</p>