| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
classifySource/classifyDesigner built <a> markup by raw-interpolating
user-controlled badge fields and rendered it via {@html}, enabling
stored XSS on public badge walls (any visitor who opened a crafted
badge). Extract them into badgeLinks.ts returning {href,label} with
http(s)-only href validation, render via escaped Svelte bindings, and
add regression tests.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Auto-fixed cosmetic findings (import ordering, obj["k"]->obj.k, optional
chaining, template literals, Date.now, parseInt radix, useless ternaries/
switch cases). Resolved the non-autofixable rest by hand:
- Senpy: static-only class -> object literal (no this/static reliance).
- app.html: var global shim -> window.global = window (keeps the shim,
drops the unused-var flag).
- biome-ignore with rationale for the logout document.cookie clear and the
holodule scrape non-null assertion.
Verified: biome check 0 diagnostics, svelte-check 0/0, 24/24 unit tests.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds optional namespaces (common, errors, commandPalette, headTitle,
notifications, schedule, events, home, reader, routes, badgePreview,
badgeWall) and extends existing ones (settings.*, lists.*, tools.*,
user.*, hololive.*) on the Locale interface. New fields are optional
so japanese.ts can omit them; svelte-i18n's fallbackLocale handles
the runtime miss.
HeadTitle gains an optional routeKey prop for type-safe lookup.
defaultActions becomes a factory so the command palette re-reads
locale on language toggle. The existing JP feedback translation
in routes/settings is preserved via japanese.ts.
Out of scope (kept hardcoded): service-worker.ts, app.html,
Landing*.svelte, tools.ts registry, Easter Event 2025 pages.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Two unrelated modernisations:
- Adds &display=swap to the Roboto and Overpass Google Fonts URLs
imported by Wrapped's stylesheet. Avoids the invisible-text flash
during font load on the Wrapped page; DM Sans already had this.
- Adds content-visibility: auto to each child of .badges (the grid
on the badge wall page). Browser skips layout and paint for off
-screen badges until they scroll into view. contain-intrinsic-size
auto 8rem reserves placeholder space so the scrollbar stays stable.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds src/styles/_breakpoints.scss with five canonical tokens
(\$bp-sm 600, \$bp-md 800, \$bp-lg 1024, \$bp-xl 1280, \$bp-2xl 1600)
and migrates all 15 @media (max-width: ...) occurrences across 9 files.
Configures vite.config.ts with scss loadPaths so any file can
@use "breakpoints" without relative paths.
Conservative rounding-up where existing values were near-duplicates:
500 and 512 collapse to 600, 768 collapses to 800, 1000 collapses to
1024. Slightly more viewports get the smaller-layout treatment in
those bands, which is usually beneficial on cramped widths.
Converts 7 Svelte files from <style> to <style lang="scss"> to access
the SCSS tokens. SCSS is a CSS superset, so existing rules stay valid.
|
| |
|
|
|
|
|
|
|
|
| |
The ParallaxImage alternativeText prop was passed as the literal
string "selectedBadge.description" (quoted attribute syntax) instead
of the expression, so every badge image rendered with that identifier
name as its alt text.
Switch to the expression form with a nullish-coalescing fallback so
badges without a description render empty alt rather than the literal.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|