@geomak/ui 1.7.3 → 1.7.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.cjs +17 -1
- package/dist/index.cjs.map +1 -1
- package/dist/index.js +17 -1
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
package/dist/index.cjs
CHANGED
|
@@ -2360,8 +2360,24 @@ function toCssVars(theme) {
|
|
|
2360
2360
|
}
|
|
2361
2361
|
return out;
|
|
2362
2362
|
}
|
|
2363
|
+
var CSS_VALUE_REJECT_RE = /[;{}<>\\]|\*\/|\/\*/;
|
|
2364
|
+
function isSafeCssValue(v) {
|
|
2365
|
+
if (typeof v !== "string") return false;
|
|
2366
|
+
if (v.length > 500) return false;
|
|
2367
|
+
return !CSS_VALUE_REJECT_RE.test(v);
|
|
2368
|
+
}
|
|
2363
2369
|
function varsToStyleString(vars2) {
|
|
2364
|
-
|
|
2370
|
+
const out = [];
|
|
2371
|
+
for (const [k, v] of Object.entries(vars2)) {
|
|
2372
|
+
if (!isSafeCssValue(v)) {
|
|
2373
|
+
console.warn(
|
|
2374
|
+
`[ThemeProvider] Dropping unsafe value for "${k}". Theme values may contain letters, digits, and CSS punctuation but must not include: ; { } < > \\ /* */`
|
|
2375
|
+
);
|
|
2376
|
+
continue;
|
|
2377
|
+
}
|
|
2378
|
+
out.push(`${k}: ${v};`);
|
|
2379
|
+
}
|
|
2380
|
+
return out.join(" ");
|
|
2365
2381
|
}
|
|
2366
2382
|
function ThemeProvider({
|
|
2367
2383
|
theme,
|