mikros/rust
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

rustdoc: Prevent JS injection from localStorage

Browse Source
This commit is contained in:
Chad Norvell 2024-01-22 20:42:27 +00:00
parent 021861aea8
commit 32a0afe30c
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/librustdoc/html/static/js/storage.js
View File

@ -101,6 +101,14 @@ const getVar = (function getVar(name) {
}); });
function switchTheme(newThemeName, saveTheme) { function switchTheme(newThemeName, saveTheme) {
const themeNames = getVar("themes").split(",").filter(t => t);
themeNames.push(...builtinThemes);
// Ensure that the new theme name is among the defined themes
if (themeNames.indexOf(newThemeName) === -1) {
return;
}
// If this new value comes from a system setting or from the previously // If this new value comes from a system setting or from the previously
// saved theme, no need to save it. // saved theme, no need to save it.
if (saveTheme) { if (saveTheme) {
@ -115,7 +123,7 @@ function switchTheme(newThemeName, saveTheme) {
window.currentTheme = null; window.currentTheme = null;
} }
} else { } else {
const newHref = getVar("root-path") + newThemeName + const newHref = getVar("root-path") + encodeURIComponent(newThemeName) +
getVar("resource-suffix") + ".css"; getVar("resource-suffix") + ".css";
if (!window.currentTheme) { if (!window.currentTheme) {
// If we're in the middle of loading, document.write blocks // If we're in the middle of loading, document.write blocks