@dicebear/core 9.4.0 → 9.4.2

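--- a/package/lib/utils/prng.js
+++ b/package/lib/utils/prng.js
@@ -1,5 +1,6 @@
  const MIN = -2147483648;
  const MAX = 2147483647;
+ const MAX_SEED_LENGTH = 1024;
  function xorshift(value) {
  value ^= value << 13;
  value ^= value >> 17;
@@ -15,8 +16,8 @@ function hashSeed(seed) {
  return hash;
  }
  export function create(seed = '') {
- // Ensure that seed is a string
- seed = seed.toString();
+ // Ensure that seed is a string and limit length to prevent CPU exhaustion
+ seed = seed.toString().slice(0, MAX_SEED_LENGTH);
  let value = hashSeed(seed) || 1;
  const next = () => (value = xorshift(value));
  const integer = (min, max) => {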
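Review bot: In `create`, the length cap is applied only after `seed.toString()` has run, so it bounds the input handed to `hashSeed` but not the cost of the conversion itself; a non-string seed (for example a very large array) is still stringified in full before `.slice(0, MAX_SEED_LENGTH)` takes effect. If callers can pass anything other than strings, which is not visible here, the type should be checked or the input bounded before converting. The truncation also means that seeds differing only after the first 1024 UTF-16 code units now produce the same sequence, and the comment should say so, e.g. `// Seeds are cut to MAX_SEED_LENGTH code units; longer seeds sharing that prefix yield identical output`. The body of `create` continues past the end of the hunk.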
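--- a/package/lib/utils/svg.js
+++ b/package/lib/utils/svg.js
@@ -15,7 +15,7 @@ export function getViewBox(result) {
  }
  export function addBackground(result, primaryColor, secondaryColor, type, rotation) {
  let { width, height, x, y } = getViewBox(result);
- const solidBackground = `<rect fill="${primaryColor}" width="${width}" height="${height}" x="${x}" y="${y}" />`;
+ const solidBackground = `<rect fill="${escape.xml(primaryColor)}" width="${width}" height="${height}" x="${x}" y="${y}" />`;
  switch (type) {
  case 'solid':
  return solidBackground + result.body;
@@ -23,8 +23,8 @@ export function addBackground(result, primaryColor, secondaryColor, type, rotati
  return (`<rect fill="url(#backgroundLinear)" width="${width}" height="${height}" x="${x}" y="${y}" />` +
  `<defs>` +
  `<linearGradient id="backgroundLinear" gradientTransform="rotate(${rotation} 0.5 0.5)">` +
- `<stop stop-color="${primaryColor}"/>` +
- `<stop offset="1" stop-color="${secondaryColor}"/>` +
+ `<stop stop-color="${escape.xml(primaryColor)}"/>` +
+ `<stop offset="1" stop-color="${escape.xml(secondaryColor)}"/>` +
  `</linearGradient>` +
  `</defs>` +
  result.body);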
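Review bot: `rotation` is still interpolated unescaped into `gradientTransform="rotate(${rotation} 0.5 0.5)"` in the gradient branch of `addBackground`, right next to the two colour values that are now passed through `escape.xml`. Unless it is validated as a number before this function is called (not visible in these hunks), it should be coerced or escaped as well, for example `rotate(${Number(rotation) || 0} 0.5 0.5)`. Note also that `escape.xml` only stops a value from breaking out of the attribute; it does not restrict `primaryColor` or `secondaryColor` to colour syntax, so validating those options where they are parsed is still worthwhile. The import of `escape` and the remaining `switch` cases lie outside the hunks shown.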
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@dicebear/core",
3
- "version": "9.4.0",
3
+ "version": "9.4.2",
4
4
  "description": "An avatar library for designers and developers.",
5
5
  "keywords": [
6
6
  "avatar",