From 74978b2872ee19a1b7c5c62282788b3d27b32878 Mon Sep 17 00:00:00 2001
From: kuuuube
Date: Sun, 29 Dec 2024 16:08:21 -0500
Subject: [PATCH 1/3] Sanitize css before sending to anki

---
 ext/js/core/utilities.js | 10 ++++++++++
 ext/js/data/anki-note-builder.js | 4 ++--
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/ext/js/core/utilities.js b/ext/js/core/utilities.js
index ec29a3036..2e0386fee 100644
--- a/ext/js/core/utilities.js
+++ b/ext/js/core/utilities.js
@@ -262,3 +262,13 @@ export function deferPromise() {
 export function promiseTimeout(delay) {
 return delay <= 0 ? Promise.resolve() : new Promise((resolve) => { setTimeout(resolve, delay); });
 }
+
+/**
+ * @param {string} css
+ * @returns {string}
+ */
+export function sanitizeCSS(css) {
+ const sanitizer = new CSSStyleSheet();
+ sanitizer.replaceSync(css);
+ return Array.from(sanitizer.cssRules).map(rule => rule.cssText || '').join('\n');
+}
diff --git a/ext/js/data/anki-note-builder.js b/ext/js/data/anki-note-builder.js
index 11f6ea041..0bf592205 100644
--- a/ext/js/data/anki-note-builder.js
+++ b/ext/js/data/anki-note-builder.js
@@ -17,7 +17,7 @@
 */
 import {ExtensionError} from '../core/extension-error.js';
-import {deferPromise} from '../core/utilities.js';
+import {deferPromise, sanitizeCSS} from '../core/utilities.js';
 import {convertHiraganaToKatakana, convertKatakanaToHiragana} from '../language/ja/japanese.js';
 import {cloneFieldMarkerPattern, getRootDeckName} from './anki-util.js';
@@ -192,7 +192,7 @@ export class AnkiNoteBuilder {
 for (const dictionary of dictionaries) {
 const {name, styles} = dictionary;
 if (typeof styles === 'string') {
- styleMap.set(name, styles);
+ styleMap.set(name, sanitizeCSS(styles));
 }
 }
 return styleMap;

From 449ee64dac9426c55c36782628fcb20ebc277cc1 Mon Sep 17 00:00:00 2001
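Review bot: In the first hunk of patch 1/3 (ext/js/core/utilities.js), the new `sanitizeCSS` has a JSDoc block with no description, and its name promises more than the body delivers. `replaceSync()` followed by reading `cssText` is a parse-and-reserialize pass: it drops what the CSS parser rejects, but every syntactically valid rule comes back out unchanged, including `url()` references to remote hosts and arbitrary string values. Dictionary-supplied styles that reach Anki through `styleMap.set(name, sanitizeCSS(styles))` can therefore still pull external resources, and if the consumer embeds the text in a `<style>` element (not visible in this patch) nothing here HTML-escapes it. I would add a description line such as `Normalizes CSS by round-tripping it through the browser's CSS parser; rules that fail to parse are dropped, valid rules (including url() references) are kept as-is.` and decide separately whether untrusted dictionaries need a property allowlist.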
From: kuuuube
Date: Sun, 29 Dec 2024 16:20:08 -0500
Subject: [PATCH 2/3] Catch sanitizer fails only when `new CSSStyleSheet()` is not available

---
 ext/js/core/utilities.js | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/ext/js/core/utilities.js b/ext/js/core/utilities.js
index 2e0386fee..3e50aa5b6 100644
--- a/ext/js/core/utilities.js
+++ b/ext/js/core/utilities.js
@@ -16,6 +16,9 @@
 * along with this program. If not, see .
 */
+import {log} from './log.js';
+
+
 /**
 * Converts any string into a form that can be passed into the RegExp constructor.
 * https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions
@@ -268,7 +271,15 @@ export function promiseTimeout(delay) {
 * @returns {string}
 */
 export function sanitizeCSS(css) {
- const sanitizer = new CSSStyleSheet();
+ let sanitizer;
+ // As of 2023/03/xx, all latest browser versions support this but some forks may lag behind
+ try {
+ sanitizer = new CSSStyleSheet();
+ } catch (e) {
+ log.log("Failed to sanitize dictionary styles")
+ log.warn(e);
+ return css;
+ }
 sanitizer.replaceSync(css);
 return Array.from(sanitizer.cssRules).map(rule => rule.cssText || '').join('\n');
 }

From 1d2d9bc5e8452b6d920879a681faad92ccd1a598 Mon Sep 17 00:00:00 2001
From: kuuuube
Date: Sun, 29 Dec 2024 16:27:10 -0500
Subject: [PATCH 3/3] Lint

---
 ext/js/core/utilities.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ext/js/core/utilities.js b/ext/js/core/utilities.js
index 3e50aa5b6..416697235 100644
--- a/ext/js/core/utilities.js
+++ b/ext/js/core/utilities.js
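Review bot: The `catch` branch added to `sanitizeCSS` in the second hunk of patch 2/3 fails open: when `new CSSStyleSheet()` throws, the function returns the raw `css`, and the caller in anki-note-builder.js cannot tell that nothing was sanitized. Because the input is dictionary-supplied, I would fail closed with `return '';` (the card loses that dictionary's styling) or at minimum raise the first message from `log.log` to `log.warn` so the bypass is visible in the same log level as the exception. Only the constructor sits inside the `try`, so an exception from `sanitizer.replaceSync(css)` still propagates to the caller; that matches the commit subject but deserves a one-line comment such as `// replaceSync errors are intentionally not caught`.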
@@ -276,10 +276,10 @@ export function sanitizeCSS(css) {
 try {
 sanitizer = new CSSStyleSheet();
 } catch (e) {
- log.log("Failed to sanitize dictionary styles")
+ log.log('Failed to sanitize dictionary styles');
 log.warn(e);
 return css;
 }
 sanitizer.replaceSync(css);
- return Array.from(sanitizer.cssRules).map(rule => rule.cssText || '').join('\n');
+ return [...sanitizer.cssRules].map((rule) => rule.cssText || '').join('\n');
 }