@geomak/ui 1.7.3 → 1.7.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.cjs +17 -1
- package/dist/index.cjs.map +1 -1
- package/dist/index.js +17 -1
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
package/dist/index.js
CHANGED
|
@@ -2328,8 +2328,24 @@ function toCssVars(theme) {
|
|
|
2328
2328
|
}
|
|
2329
2329
|
return out;
|
|
2330
2330
|
}
|
|
2331
|
+
var CSS_VALUE_REJECT_RE = /[;{}<>\\]|\*\/|\/\*/;
|
|
2332
|
+
function isSafeCssValue(v) {
|
|
2333
|
+
if (typeof v !== "string") return false;
|
|
2334
|
+
if (v.length > 500) return false;
|
|
2335
|
+
return !CSS_VALUE_REJECT_RE.test(v);
|
|
2336
|
+
}
|
|
2331
2337
|
function varsToStyleString(vars2) {
|
|
2332
|
-
|
|
2338
|
+
const out = [];
|
|
2339
|
+
for (const [k, v] of Object.entries(vars2)) {
|
|
2340
|
+
if (!isSafeCssValue(v)) {
|
|
2341
|
+
console.warn(
|
|
2342
|
+
`[ThemeProvider] Dropping unsafe value for "${k}". Theme values may contain letters, digits, and CSS punctuation but must not include: ; { } < > \\ /* */`
|
|
2343
|
+
);
|
|
2344
|
+
continue;
|
|
2345
|
+
}
|
|
2346
|
+
out.push(`${k}: ${v};`);
|
|
2347
|
+
}
|
|
2348
|
+
return out.join(" ");
|
|
2333
2349
|
}
|
|
2334
2350
|
function ThemeProvider({
|
|
2335
2351
|
theme,
|