UNPKG

react-dom-core/lib/dangerousStyleValue.js

Version:

2.94 kBJavaScriptView Raw

1/**
* Copyright (c) 2013-present, Facebook, Inc.
*
* This source code is licensed under the MIT license found in the
* LICENSE file in the root directory of this source tree.
*
*/
8
9'use strict';
10
11var CSSProperty = require('./CSSProperty');
12var warning = require('fbjs/lib/warning');
13
14var isUnitlessNumber = CSSProperty.isUnitlessNumber;
15var styleWarnings = {};
16
17/**
* Convert a value into the proper css writable value. The style name `name`
* should be logical (no hyphens), as specified
* in `CSSProperty.isUnitlessNumber`.
*
* @param {string} name CSS property name such as `topMargin`.
* @param {*} value CSS property value such as `10px`.
* @param {ReactDOMComponent} component
* @return {string} Normalized style value with dimensions applied.
*/
27function dangerousStyleValue(name, value, component, isCustomProperty) {
// Note that we've removed escapeTextForBrowser() calls here since the
// whole string will be escaped when the attribute is injected into
// the markup. If you provide unsafe user data here they can inject
// arbitrary CSS which may be problematic (I couldn't repro this):
// https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
// http://www.thespanner.co.uk/2007/11/26/ultimate-xss-css-injection/
// This is not an XSS hole but instead a potential CSS injection issue
// which has lead to a greater discussion about how we're going to
// trust URLs moving forward. See #2115901
37
var isEmpty = value == null || typeof value === 'boolean' || value === '';
if (isEmpty) {
  return '';
}
42
var isNonNumeric = isNaN(value);
if (isCustomProperty || isNonNumeric || value === 0 || isUnitlessNumber.hasOwnProperty(name) && isUnitlessNumber[name]) {
  return '' + value; // cast to string
}
47
if (typeof value === 'string') {
  if (process.env.NODE_ENV !== 'production') {
    // Allow '0' to pass through without warning. 0 is already special and
    // doesn't require units, so we don't need to warn about it.
    if (component && value !== '0') {
      var owner = component._currentElement._owner;
      var ownerName = owner ? owner.getName() : null;
      if (ownerName && !styleWarnings[ownerName]) {
        styleWarnings[ownerName] = {};
      }
      var warned = false;
      if (ownerName) {
        var warnings = styleWarnings[ownerName];
        warned = warnings[name];
        if (!warned) {
          warnings[name] = true;
        }
      }
      if (!warned) {
        process.env.NODE_ENV !== 'production' ? warning(false, 'a `%s` tag (owner: `%s`) was passed a numeric string value ' + 'for CSS property `%s` (value: `%s`) which will be treated ' + 'as a unitless number in a future version of React.', component._currentElement.type, ownerName || 'unknown', name, value) : void 0;
      }
    }
  }
  value = value.trim();
}
return value + 'px';
74}
75
76module.exports = dangerousStyleValue;
\No newline at end of file

1	`/**`
2	`* Copyright (c) 2013-present, Facebook, Inc.`
3	`*`
4	`* This source code is licensed under the MIT license found in the`
5	`* LICENSE file in the root directory of this source tree.`
6	`*`
7	`*/`
8
9	`'use strict';`
10
11	`var CSSProperty = require('./CSSProperty');`
12	`var warning = require('fbjs/lib/warning');`
13
14	`var isUnitlessNumber = CSSProperty.isUnitlessNumber;`
15	`var styleWarnings = {};`
16
17	`/**`
18	* Convert a value into the proper css writable value. The style name `name`
19	`* should be logical (no hyphens), as specified`
20	* in `CSSProperty.isUnitlessNumber`.
21	`*`
22	* @param {string} name CSS property name such as `topMargin`.
23	* @param {*} value CSS property value such as `10px`.
24	`* @param {ReactDOMComponent} component`
25	`* @return {string} Normalized style value with dimensions applied.`
26	`*/`
27	`function dangerousStyleValue(name, value, component, isCustomProperty) {`
28	`// Note that we've removed escapeTextForBrowser() calls here since the`
29	`// whole string will be escaped when the attribute is injected into`
30	`// the markup. If you provide unsafe user data here they can inject`
31	`// arbitrary CSS which may be problematic (I couldn't repro this):`
32	`// https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet`
33	`// http://www.thespanner.co.uk/2007/11/26/ultimate-xss-css-injection/`
34	`// This is not an XSS hole but instead a potential CSS injection issue`
35	`// which has lead to a greater discussion about how we're going to`
36	`// trust URLs moving forward. See #2115901`
37
38	`var isEmpty = value == null \|\| typeof value === 'boolean' \|\| value === '';`
39	`if (isEmpty) {`
40	`return '';`
41	`}`
42
43	`var isNonNumeric = isNaN(value);`
44	`if (isCustomProperty \|\| isNonNumeric \|\| value === 0 \|\| isUnitlessNumber.hasOwnProperty(name) && isUnitlessNumber[name]) {`
45	`return '' + value; // cast to string`
46	`}`
47
48	`if (typeof value === 'string') {`
49	`if (process.env.NODE_ENV !== 'production') {`
50	`// Allow '0' to pass through without warning. 0 is already special and`
51	`// doesn't require units, so we don't need to warn about it.`
52	`if (component && value !== '0') {`
53	`var owner = component._currentElement._owner;`
54	`var ownerName = owner ? owner.getName() : null;`
55	`if (ownerName && !styleWarnings[ownerName]) {`
56	`styleWarnings[ownerName] = {};`
57	`}`
58	`var warned = false;`
59	`if (ownerName) {`
60	`var warnings = styleWarnings[ownerName];`
61	`warned = warnings[name];`
62	`if (!warned) {`
63	`warnings[name] = true;`
64	`}`
65	`}`
66	`if (!warned) {`
67	process.env.NODE_ENV !== 'production' ? warning(false, 'a `%s` tag (owner: `%s`) was passed a numeric string value ' + 'for CSS property `%s` (value: `%s`) which will be treated ' + 'as a unitless number in a future version of React.', component._currentElement.type, ownerName \|\| 'unknown', name, value) : void 0;
68	`}`
69	`}`
70	`}`
71	`value = value.trim();`
72	`}`
73	`return value + 'px';`
74	`}`
75
76	`module.exports = dangerousStyleValue;`
\	No newline at end of file