diff options
| author | Chad Norvell <chadnorvellx@gmail.com> | 2024-01-22 20:42:27 +0000 |
|---|---|---|
| committer | Chad Norvell <chadnorvellx@gmail.com> | 2024-01-29 18:25:56 +0000 |
| commit | 32a0afe30c26044a62d098910464989258f0bc2e (patch) | |
| tree | 038f19215ce53b9e20c8d5cdd6fb49a4b08a6dd2 | |
| parent | 021861aea8de20c76c7411eb8ada7e8235e3d9b5 (diff) | |
| download | rust-32a0afe30c26044a62d098910464989258f0bc2e.tar.gz rust-32a0afe30c26044a62d098910464989258f0bc2e.zip | |
rustdoc: Prevent JS injection from localStorage
| -rw-r--r-- | src/librustdoc/html/static/js/storage.js | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/src/librustdoc/html/static/js/storage.js b/src/librustdoc/html/static/js/storage.js index ac9c6f377b8..bda7b3c647e 100644 --- a/src/librustdoc/html/static/js/storage.js +++ b/src/librustdoc/html/static/js/storage.js @@ -101,6 +101,14 @@ const getVar = (function getVar(name) { }); function switchTheme(newThemeName, saveTheme) { + const themeNames = getVar("themes").split(",").filter(t => t); + themeNames.push(...builtinThemes); + + // Ensure that the new theme name is among the defined themes + if (themeNames.indexOf(newThemeName) === -1) { + return; + } + // If this new value comes from a system setting or from the previously // saved theme, no need to save it. if (saveTheme) { @@ -115,7 +123,7 @@ function switchTheme(newThemeName, saveTheme) { window.currentTheme = null; } } else { - const newHref = getVar("root-path") + newThemeName + + const newHref = getVar("root-path") + encodeURIComponent(newThemeName) + getVar("resource-suffix") + ".css"; if (!window.currentTheme) { // If we're in the middle of loading, document.write blocks |