WildDragonLLC/dragonflight
1
0
Fork 0
Code Issues 18 Pull requests 3 Projects Releases Packages Wiki Activity Actions
577 commits 13 branches 1 tag 8.3 MiB
Commit graph

14 commits

Author SHA1 Message Date
ZGaetano
1e0015322c feat: migrate projects.html to wd-* design system 2026-05-21 23:15:57 -04:00
ZGaetano
c31933a53c rebrand: Projects — Dragonflight, ember orange hue-32 2026-05-21 22:51:20 -04:00
Zac Gaetano
89ceef444e web-ui: include auth-guard.js on home.html and projects.html so the IN DEV badge renders on those pages too 2026-05-21 14:01:52 +00:00
ZGaetano
74e87359e2 Add Settings nav link to sidebar 2026-05-20 14:36:03 -04:00
ZGaetano
86b80e043e fix: correct sidebar logo alt text in projects.html (Z-AMPP → Wild Dragon) 2026-05-20 09:17:05 -04:00
Zac Gaetano
f7aedb1936 fix(ui): normalize sidebar — add Containers + Cluster to all 8 remaining pages 2026-05-20 00:22:57 -04:00
ZGaetano
1e8cde81be fix(projects): prevent JS injection via bin names in onclick handlers 
binCard() was building onclick="renameBinPrompt('id', 'NAME')" by
calling esc() then .replace(/'/g, "\\'").  The problem: esc() converts
' to ', so the replace never fires on raw single quotes.  When the
HTML parser evaluates the attribute it decodes ' back to ', breaking
the JS string — and for injected payloads like `'; alert(1)//` this is
stored XSS.

Fix: use JSON.stringify(b.name) to produce a properly-escaped double-
quoted JS string literal, then esc() to HTML-encode the surrounding
double-quotes for safe embedding in the HTML attribute.
 2026-05-19 00:09:49 -04:00
Zac Gaetano
656c820638 feat: wire editor.html as primary editor, fix its sidebar/branding 
- All pages: Editor nav link now points to editor.html (in-house NLE)
- Removes the :47435 OpenReel resolver script from all pages
- editor.html: canonical Z-AMPP sidebar (all 10 nav items, correct icons)
- editor.html: Z-AMPP brand logo, removes Wild Dragon SVG mark
- editor.html: removes Google Fonts import
- editor.html: adds auth-guard.js
 2026-05-18 23:11:53 -04:00
Zac Gaetano
e8e26dd4d8 fix: remove Google Fonts, fix editor link to :47435, fix page titles 
- Remove @import Google Fonts from common.css (was blocking CSS on LAN)
- Update Editor nav link on all pages to dynamically resolve to :47435
  (OpenReel SPA) using inline script so it works on any hostname
- Fix page titles from Wild Dragon -> Z-AMPP across all pages
- Resolver: <a href="#" id="editor-nav-link"> + IIFE sets href at load
 2026-05-18 22:56:51 -04:00
Zac Gaetano
6bd97a2a03 feat(meme): Token Pricing page with usage chart + AMPP-style Z-AMPP SVG wordmark on home + Tokens tile/nav everywhere 2026-05-18 11:05:30 -04:00
Zac Gaetano
3ae150ad53 feat(editor-native): repoint Editor links from openreel (:47435) to in-house /edit.html 2026-05-18 10:18:14 -04:00
Zac Gaetano
a3596265eb feat(brand+home): swap sidebar to Wild Dragon logo, add favicon everywhere, fix home counters (status= not state=) 2026-05-18 10:13:08 -04:00
Zac Gaetano
81257b5201 feat(nav): add Home + Projects to sidebar across all pages; redirect login to home.html; bump image cache to v=hardhat3 2026-05-18 10:03:32 -04:00
ZGaetano
efebf38271 feat(projects): project + bin management page (CRUD on /api/v1/projects + /api/v1/bins) 2026-05-18 09:58:34 -04:00