Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 0 additions & 4 deletions .Jules/palette.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,3 @@
## 2026-06-25 - Fix Header Overlap
**Learning:** When using a sticky header, clicking anchor links can cause the target element to scroll under the header, hindering the user experience.
**Action:** Use `scroll-padding-top` on the `html` element with the height of the sticky header to ensure anchor links scroll to a position just below the header.

## 2024-06-25 - Improve Color Contrast
**Learning:** Found that using `--gold` for text on white or light backgrounds (like `--paper`) fails WCAG AA contrast standards, making the text difficult to read for some users.
**Action:** Avoid using `--gold` on light backgrounds. Instead, use alternatives with better contrast like `--teal`. Retain `--gold` for dark backgrounds (like `--ink`) where it provides excellent contrast.
3 changes: 0 additions & 3 deletions .jules/bolt.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,3 @@
## 2024-06-27 - ์ดˆ๊ธฐ ์–ธ์–ด ๋กœ๋“œ ์‹œ ๋ถˆํ•„์š”ํ•œ DOM ํƒ์ƒ‰ ์ œ๊ฑฐ
**Learning:** ์ดˆ๊ธฐ ๋กœ๋“œ ์‹œ ์š”์ฒญ๋œ ์–ธ์–ด๊ฐ€ HTML์˜ ๊ธฐ๋ณธ ์–ธ์–ด(ko)์™€ ๋™์ผํ•œ ๊ฒฝ์šฐ, ๋ชจ๋“  DOM ํ…์ŠคํŠธ ๋…ธ๋“œ๋ฅผ ํƒ์ƒ‰ํ•˜๊ณ  ์น˜ํ™˜ํ•˜๋Š” ๋ถˆํ•„์š”ํ•œ ์ž‘์—…์„ ์ƒ๋žตํ•˜๋ฉด ์„ฑ๋Šฅ์ด ํ–ฅ์ƒ๋จ์„ ํ™•์ธํ–ˆ์Šต๋‹ˆ๋‹ค.
**Action:** `isInitialDefault` ์กฐ๊ฑด์„ ์ถ”๊ฐ€ํ•˜์—ฌ ์ดˆ๊ธฐ ๋กœ๋“œ ์‹œ ๋ถˆํ•„์š”ํ•œ DOM ์ˆœํšŒ ์ฝ”๋“œ๊ฐ€ ์‹คํ–‰๋˜์ง€ ์•Š๋„๋ก ๊ฐœ์„ ํ–ˆ์Šต๋‹ˆ๋‹ค.
## 2026-07-05 - content-visibility์™€ scrollbar jumping ๋ฐฉ์ง€
**Learning:** ๊ธด ๋‹จ์ผ ํŽ˜์ด์ง€(static site)์—์„œ `content-visibility: auto`๋ฅผ ์‚ฌ์šฉํ•˜์—ฌ ์˜คํ”„์Šคํฌ๋ฆฐ ์„น์…˜์˜ ๋ Œ๋”๋ง์„ ์ตœ์ ํ™”ํ•  ๋•Œ, `contain-intrinsic-size`๋ฅผ ํ•จ๊ป˜ ์ง€์ •ํ•˜์ง€ ์•Š์œผ๋ฉด ์Šคํฌ๋กค๋ฐ”๊ฐ€ ํŠ€๊ฑฐ๋‚˜ ๋ ˆ์ด์•„์›ƒ ์‹œํ”„ํŠธ๊ฐ€ ๋ฐœ์ƒํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.
**Action:** ํ•ญ์ƒ ๊ธธ์ด ๊ธฐ๋ฐ˜ ํด๋ฐฑ(์˜ˆ: `contain-intrinsic-size: 600px;`)์„ ์„ ํ–‰ํ•˜๊ณ , ๋ธŒ๋ผ์šฐ์ €๊ฐ€ ์‹ค์ œ ๋†’์ด๋ฅผ ๊ธฐ์–ตํ•  ์ˆ˜ ์žˆ๋„๋ก `auto` ํ‚ค์›Œ๋“œ๋ฅผ ํฌํ•จํ•œ ์†์„ฑ์„ ์„ค์ •ํ•ฉ๋‹ˆ๋‹ค. ์„น์…˜๋ณ„ ์‹ค์ œ ๋†’์ด์— ๋งž์ถฐ ํฌ๊ธฐ๋ฅผ ์กฐ์ •ํ•ฉ๋‹ˆ๋‹ค.
4 changes: 4 additions & 0 deletions .jules/sentinel.md
Original file line number Diff line number Diff line change
Expand Up @@ -14,3 +14,7 @@
**Vulnerability:** ์™ธ๋ถ€ ๋งํฌ(ํŠนํžˆ ์ฐธ์กฐ๋ฌธํ—Œ ๋งํฌ ๋“ฑ)์— `target="_blank"` ์†์„ฑ์„ ์‚ฌ์šฉํ•˜๊ฑฐ๋‚˜ ์ƒˆ ํƒญ์œผ๋กœ ์—ฌ๋Š” ๋™์ž‘์„ ์œ ๋„ํ•  ๋•Œ, `rel="noopener noreferrer"` ์†์„ฑ์ด ๋ˆ„๋ฝ๋˜์–ด Reverse Tabnabbing ๊ณต๊ฒฉ์— ๋…ธ์ถœ๋  ์ˆ˜ ์žˆ์Œ.
**Learning:** `rel="noopener noreferrer"`๊ฐ€ ์—†์œผ๋ฉด ์ƒˆ๋กœ ์—ด๋ฆฐ ํƒญ์˜ ํŽ˜์ด์ง€๊ฐ€ `window.opener` ๊ฐ์ฒด๋ฅผ ํ†ตํ•ด ์›๋ž˜ ํŽ˜์ด์ง€์˜ `location`์„ ์•…์˜์ ์ธ ์‚ฌ์ดํŠธ๋กœ ๋ณ€๊ฒฝํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.
**Prevention:** ์™ธ๋ถ€ ๋งํฌ๋ฅผ ์ƒˆ ํƒญ์œผ๋กœ ์—ด๊ธฐ ์œ„ํ•ด `target="_blank"`๋ฅผ ์‚ฌ์šฉํ•  ๋•Œ๋งŒ `rel="noopener noreferrer"`๋ฅผ ํ•จ๊ป˜ ์ถ”๊ฐ€ํ•˜์—ฌ ๋ถ€๋ชจ ์ฐฝ์— ๋Œ€ํ•œ ์ ‘๊ทผ์„ ์ฐจ๋‹จํ•ด์•ผ ํ•ฉ๋‹ˆ๋‹ค.
## 2026-07-04 - Enforce Trusted Types natively
**Vulnerability:** The application was not enforcing Trusted Types in its Content Security Policy, leaving it theoretically vulnerable to DOM XSS if unsafe DOM sinks (like innerHTML) were ever introduced in the future.
**Learning:** When an application exclusively uses safe DOM APIs (like `textContent`) and lacks risky sinks, `require-trusted-types-for 'script'` can be enforced natively via CSP without needing to define a Trusted Types policy or use external sanitizers like DOMPurify. This provides a zero-dependency defense-in-depth layer against future regressions.
**Prevention:** For static sites using safe DOM manipulation, always add `require-trusted-types-for 'script'` to the CSP to proactively block any future usage of unsafe DOM sinks.
2 changes: 1 addition & 1 deletion index.html
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; img-src 'self'; object-src 'none'; base-uri 'self'; form-action 'none'; upgrade-insecure-requests;">
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; img-src 'self'; object-src 'none'; base-uri 'self'; form-action 'none'; upgrade-insecure-requests; require-trusted-types-for 'script';">
<meta name="referrer" content="strict-origin-when-cross-origin">
<title>๋งฅ๋ฝ์ง€ํ˜œ ์—ฐ๊ตฌ์‹ค | Contextual Wisdom Lab</title>
<meta
Expand Down
11 changes: 1 addition & 10 deletions styles.css
Original file line number Diff line number Diff line change
Expand Up @@ -297,15 +297,6 @@ h1 {
.section {
padding: clamp(72px, 10vw, 132px) clamp(20px, 5vw, 72px);
border-top: 1px solid var(--line);
/* โšก Bolt: Defer rendering of off-screen sections to improve initial page load performance */
content-visibility: auto;
contain-intrinsic-size: 600px;
contain-intrinsic-size: auto 600px;
}

.section.dikw, .section.projects {
contain-intrinsic-size: 1000px;
contain-intrinsic-size: auto 1000px;
}

.section-heading {
Expand Down Expand Up @@ -451,7 +442,7 @@ h1 {
.dikw-grid span {
display: block;
margin-bottom: 38px;
color: var(--teal);
color: var(--gold);
font-size: 14px;
font-weight: 900;
}
Expand Down
Loading