(value: string)
| 31 | } |
| 32 | |
| 33 | function sanitizeCssColor(value: string): string { |
| 34 | // Tooltip content is assigned via innerHTML, so treat color as untrusted. |
| 35 | // Allow only common safe color syntaxes; otherwise fall back. |
| 36 | const s = value.trim(); |
| 37 | if (s.length === 0) return '#888'; |
| 38 | |
| 39 | // Hex: #RGB, #RRGGBB, #RRGGBBAA |
| 40 | if (/^#[0-9a-fA-F]{3}$/.test(s)) return s; |
| 41 | if (/^#[0-9a-fA-F]{6}$/.test(s)) return s; |
| 42 | if (/^#[0-9a-fA-F]{8}$/.test(s)) return s; |
| 43 | |
| 44 | // rgb()/rgba() numeric forms (commas or space-separated with optional slash alpha) |
| 45 | if ( |
| 46 | /^rgba?\(\s*\d{1,3}\s*(?:,\s*|\s+)\d{1,3}\s*(?:,\s*|\s+)\d{1,3}(?:\s*(?:,\s*|\/\s*)(?:0|1|0?\.\d+))?\s*\)$/.test( |
| 47 | s, |
| 48 | ) |
| 49 | ) { |
| 50 | return s; |
| 51 | } |
| 52 | |
| 53 | // Named colors: basic CSS ident (letters only) to avoid weird tokens. |
| 54 | if (/^[a-zA-Z]+$/.test(s)) return s; |
| 55 | |
| 56 | return '#888'; |
| 57 | } |
| 58 | |
| 59 | function isCandlestickValue( |
| 60 | value: readonly [number, number] | readonly [number, number, number, number, number], |
no outgoing calls
no test coverage detected