tinker_tickets

LotusGuild/tinker_tickets

Fork 0

Commit Graph

Author	SHA1	Message	Date
Jared Vititoe	c3f7593f3c	Harden CSP by removing unsafe-inline for scripts Refactored all inline event handlers (onclick, onchange, onsubmit) to use addEventListener with data-action attributes and event delegation pattern. Changes: - views/.php: Replaced inline handlers with data-action attributes - views/admin/.php: Same refactoring for all admin views - assets/js/dashboard.js: Added event delegation for bulk/quick action modals - assets/js/ticket.js: Added event delegation for dynamic elements - assets/js/markdown.js: Refactored toolbar button handlers - assets/js/keyboard-shortcuts.js: Refactored modal close button - SecurityHeadersMiddleware.php: Enabled strict CSP with nonces The CSP now uses script-src 'self' 'nonce-{nonce}' instead of 'unsafe-inline', significantly improving XSS protection. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-30 13:15:55 -05:00
Jared Vititoe	ee317d6662	fix: Keyboard shortcuts for ? key and ESC modal closing - Fix ? shortcut: removed incorrect !e.shiftKey condition - ESC now closes all modal types (overlay, settings, advanced search) - Replace toast-based help with proper styled modal - ESC also blurs focused inputs before canceling edit mode Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-23 22:04:39 -05:00
Jared Vititoe	eda9c61724	ui improvements, keyboard shortcuts, and toast not	2026-01-08 22:49:48 -05:00

Author

SHA1

Message

Date

Jared Vititoe

c3f7593f3c

Harden CSP by removing unsafe-inline for scripts

Refactored all inline event handlers (onclick, onchange, onsubmit) to use
addEventListener with data-action attributes and event delegation pattern.

Changes:
- views/*.php: Replaced inline handlers with data-action attributes
- views/admin/*.php: Same refactoring for all admin views
- assets/js/dashboard.js: Added event delegation for bulk/quick action modals
- assets/js/ticket.js: Added event delegation for dynamic elements
- assets/js/markdown.js: Refactored toolbar button handlers
- assets/js/keyboard-shortcuts.js: Refactored modal close button
- SecurityHeadersMiddleware.php: Enabled strict CSP with nonces

The CSP now uses script-src 'self' 'nonce-{nonce}' instead of 'unsafe-inline',
significantly improving XSS protection.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-01-30 13:15:55 -05:00

Jared Vititoe

ee317d6662

fix: Keyboard shortcuts for ? key and ESC modal closing

- Fix ? shortcut: removed incorrect !e.shiftKey condition
- ESC now closes all modal types (overlay, settings, advanced search)
- Replace toast-based help with proper styled modal
- ESC also blurs focused inputs before canceling edit mode

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-01-23 22:04:39 -05:00

Jared Vititoe

eda9c61724

ui improvements, keyboard shortcuts, and toast not

2026-01-08 22:49:48 -05:00

3 Commits