Skip to content
This repository has been archived by the owner on Oct 25, 2024. It is now read-only.

Commit

Permalink
Merge branch 'main' of github.com:GoogleChromeLabs/critters into secu…
Browse files Browse the repository at this point in the history 
…rity-fixes3
  • Loading branch information
@janicklas-ralph
janicklas-ralph committed Feb 23, 2024
2 parents 2286167 + 2e8cbe8 commit 1230a9f
Show file tree
Hide file tree
Showing 3 changed files with 10 additions and 11,362 deletions.
17 changes: 9 additions & 8 deletions packages/critters/src/css.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -199,8 +199,8 @@ function filterSelectors(predicate) {
}
}

const MEDIA_TYPES = ['all', 'print', 'screen', 'speech'];
const MEDIA_KEYWORDS = ['and', 'not', ','];
const MEDIA_TYPES = new Set(['all', 'print', 'screen', 'speech']);
const MEDIA_KEYWORDS = new Set(['and', 'not', ',']);
const MEDIA_FEATURES = [
'width',
'aspect-ratio',
Expand All @@ -217,9 +217,9 @@ function validateMediaType(node) {
const { type: nodeType, value: nodeValue } = node;

if (nodeType === 'media-type') {
return MEDIA_TYPES.includes(nodeValue);
return MEDIA_TYPES.has(nodeValue);
} else if (nodeType === 'keyword') {
return MEDIA_KEYWORDS.includes(nodeValue);
return MEDIA_KEYWORDS.has(nodeValue);
} else if (nodeType === 'media-feature') {
return MEDIA_FEATURES.some((feature) => {
return (
Expand All @@ -241,20 +241,21 @@ function validateMediaType(node) {
* is HTML safe and does not cause any injection issue
*/
export function validateMediaQuery(query) {
console.log(query);
const mediaTree = mediaParser(query);
const nodeTypes = ['media-type', 'keyword', 'media-feature'];
const nodeTypes = new Set(['media-type', 'keyword', 'media-feature']);

const stack = [mediaTree];

while (stack.length > 0) {
const node = stack.pop();

if (nodeTypes.includes(node.type) && !validateMediaType(node)) {
if (nodeTypes.has(node.type) && !validateMediaType(node)) {
return false;
}

stack.push(...(node.nodes || []));
if (node.nodes) {
stack.push(...node.nodes);
}
}

return true;
Expand Down
3 changes: 1 addition & 2 deletions packages/critters/src/util.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,5 @@ export function createLogger(logLevel) {
}

export function isSubpath(basePath, currentPath) {
const relative = path.relative(basePath, currentPath);
return relative && !relative.startsWith('..') && !path.isAbsolute(relative);
return !path.relative(basePath, currentPath).startsWith('..');
}
Loading

0 comments on commit 1230a9f

Please sign in to comment.