Merge pull request #13 from JosueGalRe/main

fix(zen-settings): sanitize properties and theme name to prevent css …
2025-07-08 01:20:00 +02:00 · 2024-09-15 01:10:01 +02:00 · 2024-09-15 01:10:01 +02:00 · 4101126d54
commit 4101126d54
parent d7715eb754 5a183e161e
1 changed files with 16 additions and 15 deletions
--- a/src/ZenThemesImporter.mjs
+++ b/src/ZenThemesImporter.mjs
@ -118,10 +118,10 @@ var gZenThemeImporter = new (class {

  _getBrowser() {
    if (!this.__browser) {
-      this.__browser = Services.wm.getMostRecentWindow("navigator:browser")
+      this.__browser = Services.wm.getMostRecentWindow('navigator:browser');
    }

-    return this.__browser
+    return this.__browser;
  }

  async _getThemePreferences(theme) {
@ -134,7 +134,7 @@ var gZenThemeImporter = new (class {
    let preferences = await IOUtils.readJSON(themePath);

    // skip transformation, we won't be writing old preferences to dom, all of them can only be checkboxes
-    if (typeof preferences === "object" && !Array.isArray(preferences)) {
+    if (typeof preferences === 'object' && !Array.isArray(preferences)) {
      return { preferences: [], areOldPreferences: true };
    }

@ -142,16 +142,17 @@ var gZenThemeImporter = new (class {
  }

  async writeToDom() {
-    const browser = this._getBrowser()
+    const browser = this._getBrowser();

    for (const theme of Object.values(await this.getThemes())) {
      const { preferences, areOldPreferences } = await this._getThemePreferences(theme);
+      const sanitizedName = `theme-${theme.name?.replaceAll(/\s/g, '-')?.replaceAll(/[^A-z_-]+/g, '')}`;

      if (!theme.enabled) {
-        const element = browser.document.getElementById(theme.name);
+        const element = browser.document.getElementById(sanitizedName);

        if (element) {
-          element.remove()
+          element.remove();
        }

        continue;
@ -161,24 +162,24 @@ var gZenThemeImporter = new (class {
        continue;
      }

-      const themePreferences = preferences.filter(({ type }) => type === "dropdown")
+      const themePreferences = preferences.filter(({ type }) => type === 'dropdown');

      for (const { property } of themePreferences) {
-        const value = Services.prefs.getStringPref(property, "")
+        const value = Services.prefs.getStringPref(property, '');

-        if (value !== "") {
-          let element = browser.document.getElementById(theme.name)
+        if (value !== '') {
+          let element = browser.document.getElementById(sanitizedName);

          if (!element) {
-            element = browser.document.createElement("div")
+            element = browser.document.createElement('div');

-            element.style.display = "none"
-            element.setAttribute("id", theme.name)
+            element.style.display = 'none';
+            element.setAttribute('id', sanitizedName);

-            browser.document.body.appendChild(element)
+            browser.document.body.appendChild(element);
          }

-          element.setAttribute(property, value)
+          element.setAttribute(property?.replaceAll(/\./g, '-'), value);
        }
      }
    }