(node)
| 29 | walkCSS(ast, { |
| 30 | visit: "Url", |
| 31 | enter(node) { |
| 32 | const originalUrl = node.value.trim(); |
| 33 | if ( |
| 34 | originalUrl.startsWith("http:") || |
| 35 | originalUrl.startsWith("https:") || |
| 36 | originalUrl.startsWith("data:") |
| 37 | ) { |
| 38 | return; |
| 39 | } |
| 40 | // allow file:/// urls (if they are absolute) |
| 41 | if (originalUrl.startsWith("file://")) { |
| 42 | const path = originalUrl.slice(7); |
| 43 | if (!path.startsWith("/")) { |
| 44 | console.log(`Invalid background, contains a non-absolute file URL: ${originalUrl}`); |
| 45 | hasUnsafeUrl = true; |
| 46 | return; |
| 47 | } |
| 48 | const newUrl = encodeFileURL(path); |
| 49 | node.value = newUrl; |
| 50 | return; |
| 51 | } |
| 52 | // allow absolute paths |
| 53 | if (originalUrl.startsWith("/") || originalUrl.startsWith("~/") || /^[a-zA-Z]:(\/|\\)/.test(originalUrl)) { |
| 54 | const newUrl = encodeFileURL(originalUrl); |
| 55 | node.value = newUrl; |
| 56 | return; |
| 57 | } |
| 58 | hasUnsafeUrl = true; |
| 59 | console.log(`Invalid background, contains an unsafe URL scheme: ${originalUrl}`); |
| 60 | }, |
| 61 | }); |
| 62 | if (hasUnsafeUrl) { |
| 63 | return null; |
nothing calls this directly
no test coverage detected