From 32a0afe30c26044a62d098910464989258f0bc2e Mon Sep 17 00:00:00 2001
From: Chad Norvell <chadnorvellx@gmail.com>
Date: Mon, 22 Jan 2024 20:42:27 +0000
Subject: [PATCH] rustdoc: Prevent JS injection from localStorage

---
 src/librustdoc/html/static/js/storage.js | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/librustdoc/html/static/js/storage.js b/src/librustdoc/html/static/js/storage.js
index ac9c6f377b8..bda7b3c647e 100644
--- a/src/librustdoc/html/static/js/storage.js
+++ b/src/librustdoc/html/static/js/storage.js
@@ -101,6 +101,14 @@ const getVar = (function getVar(name) {
 });
 
 function switchTheme(newThemeName, saveTheme) {
+    const themeNames = getVar("themes").split(",").filter(t => t);
+    themeNames.push(...builtinThemes);
+
+    // Ensure that the new theme name is among the defined themes
+    if (themeNames.indexOf(newThemeName) === -1) {
+        return;
+    }
+
     // If this new value comes from a system setting or from the previously
     // saved theme, no need to save it.
     if (saveTheme) {
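Review bot: The early `return` in the new allow-list check is silent and leaves the rejected value wherever it came from, so a stale or tampered saved theme name would be re-read and rejected on every page load. On the initial-load path (the `!window.currentTheme` branch in the next hunk) this would seem to leave the page with no theme stylesheet at all, though the callers and the rest of `switchTheme` are outside this diff. Consider falling back to a known-good built-in theme instead of returning, and extending the comment to say why the check exists, e.g. `// newThemeName may come from localStorage, which any script on this origin can write; only accept names we ship.` Separately, `getVar`'s body is not visible here; if it can return null, `getVar("themes").split(",")` throws, and `(getVar("themes") || "").split(",")` would guard against that.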
@@ -115,7 +123,7 @@ function switchTheme(newThemeName, saveTheme) {
             window.currentTheme = null;
         }
     } else {
-        const newHref = getVar("root-path") + newThemeName +
+        const newHref = getVar("root-path") + encodeURIComponent(newThemeName) +
             getVar("resource-suffix") + ".css";
         if (!window.currentTheme) {
             // If we're in the middle of loading, document.write blocks
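Review bot: `encodeURIComponent` on the `newHref` line is URL-component encoding, not an HTML-attribute escape: it leaves `'`, `(`, `)`, `!` and `*` unchanged, so on its own it would not make the value safe for the `document.write` path that the trailing comment refers to. The allow-list check added at the top of `switchTheme` is the real control, and a short comment would keep a later refactor from dropping it, e.g. `// Defense in depth only; the themeNames check above is what keeps untrusted names out of the markup.` It is also worth confirming that a listed theme whose name contains characters that get percent-encoded still resolves to the CSS file name that was emitted. The `document.write` call itself is outside this hunk.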