5
votes
Userstyle issues
I had a look at the available themes and being a person who is sometimes inclined to rice, decided to port my colourscheme to tildes using the Stylish firefox extension. Unfortunately,
Content Security Policy: The page's settings blocked the loading of a resource at self ("style-src")
comes up in the debugger on every page. How can I work around this?
This is because Tildes has an extremely restrictive Content Security Policy, which prevents a lot of "injection" techniques from working (and should make XSS and some similar attacks impossible).
I could probably loosen it a bit for CSS though, if it's preventing styling extensions from working.
Yeah, certainly prevented this injection :p. For whatever reason, using the Stylus extension instead of Stylish fixed the issue. Stylus is a fork of Stylish, so maybe it's added a workaround for this problem.
I haven't tried customizing ~ with Stylish, but my Tampermonkey script gave the same error at first.
Fixed it by using TM:s own style injection function
GM_addStyle(CSSstring)
, instead of standard DOM methods. As far as I know, Stylish only allows CSS, so this fix probably isn't applicable there.This seems to be a known bug in Stylish. OTOH the CSP specification states;
...so in that sense it could be a bug in Firefox.
Thanks for the tip, I've been meaning to try Tampermonkey for ages but haven't actually gotten round to it, so it's nice to know this could use it.
For this particular issue, Stylus seems to work, so probably a Stylish issue and not Firefox.
Well, in case you want something to start with, feel free to fork my userscript. It's basically a time-based day/night theme switcher, but it can also add custom CSS.
Nice, I like it
Hmm, thanks. In tildes.css, the four existing themes are all defined, and if I just paste my theme in there with them, it works (if I also set the theme cookie to my theme), so I suspect Stylish is really being blocked.
what? I am using Stylish, that's what prompted this thread
Ah nice, Stylus just works somehow.
Sure, here it is (still pretty ugly imo, I want to work on it some more): http://up.unix.porn/1U6N.txt
Ooh, I think I like yours more. We should make a repo or something for alternative themes. Thanks, the domain belongs to a friend of mine and I host a little private upload service on the subdomain (though it's still missing a lot of features)
Nice, something to keep an eye on there. Have fun with the theme - I just made a few colour edits to mine: http://up.unix.porn/C4Lp.txt
Yeah, I originally wrote the upload service specifically for a Telegram rice chat we're in, so unixporn comes up a lot.