PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-06-25 16:19:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat: scroll-position memory on repertoire HTMX swaps + swap transition polish

Browse Source 
- Add repertoire-scroll-restore.js: snapshots scrollTop of each column <ul>
  before htmx:beforeSwap, restores after htmx:afterSwap (keyed by data-col)
- Add subtle opacity transition on #repertoire-index during htmx-swapping
- Tighten rep-indicator opacity transition to 0.1s for snappier feedback
- Import new module in public-entry.js
This commit is contained in:
Pontoporeia
2026-06-24 14:45:51 +02:00
parent e0cf9f8f57
commit eb706214ce
4 changed files with 90 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
TODO.md
View File

@@ -3,6 +3,13 @@
> Last updated: 2026-06-24
> Context: Security audit — fix open redirects, fragment auth, dead code, CSRF gaps
## Deferred / Blocked
- [ ] #tighten-csp Tighten CSP to remove 'unsafe-inline' after inline JS extraction
## Pending
- [ ] #rep-student-touch Replace hover student popover with tap-to-open drawer for mobile `(repertoire.php, repertoire.css, repertoire-student-popover.js)`
- [x] #rep-polish Polish: scroll-position memory on HTMX swap, animation tuning `(repertoire.css)`
## Completed
- [x] #icon-color-verify Verify icon colors render correctly across all pages (header, admin tables, forms, dialogs, cleanup modal) ✓
- [x] #sec-open-redirect Fix open redirect in tag.php + language.php (protocol-relative URL bypass via str_starts_with) ✓
@@ -18,12 +25,6 @@
- [x] #sec-fragments-auth Gate partagé fragments on share_active session (read-only fragment renderers — no CSRF needed) ✓
- [x] #sec-retry-csrf Add CSRF check to partage/retry-email.php POST ✓
- [x] #sec-cleanup-dead-code Remove dead App::verifyCsrf() or refactor action handlers to use it ✓
## Pending
- [ ] #rep-student-touch Replace hover student popover with tap-to-open drawer for mobile `(repertoire.php, repertoire.css, repertoire-student-popover.js)`
- [ ] #rep-polish Polish: scroll-position memory on HTMX swap, animation tuning `(repertoire.css)`
## Completed (before this session)
- [x] #gzip-nginx Enable gzip compression in nginx config `(nginx/xamxam.conf)`
- [x] #extract-inline-js Move inline JS to external files across 17 templates → 15 new JS files created `(app/public/assets/js/app/*.js)`
- [x] #inline-icon-helper Create `icon()` PHP helper + auto-load in bootstrap `(src/icon.php, bootstrap.php)`
@@ -77,5 +78,3 @@
- [x] #split-form-css Split `form.css` into `form-base.css` and `form-admin.css`
- [x] #extra-css-admin Update `head.php` to support `$extraCssAdmin` for admin-only stylesheets `(head.php)`
## Deferred / Blocked
- [ ] #tighten-csp Tighten CSP to remove 'unsafe-inline' after inline JS extraction