Facyla commented on code in PR #36732:
URL: https://github.com/apache/superset/pull/36732#discussion_r2737168557
##########
superset-frontend/plugins/legacy-plugin-chart-country-map/src/CountryMap.js:
##########
@@ -41,10 +41,52 @@ const propTypes = {
linearColorScheme: PropTypes.string,
mapBaseUrl: PropTypes.string,
numberFormat: PropTypes.string,
+ customColorScale: PropTypes.array,
};
const maps = {};
+function normalizeColorKeyword(color) {
+ if (color == null) return '#000000';
+ const c = String(color).trim();
+
+ // Hex colors (#RGB, #RRGGBB, #RGBA, #RRGGBBAA)
+ if (/^#([0-9a-f]{3}|[0-9a-f]{4}|[0-9a-f]{6}|[0-9a-f]{8})$/i.test(c)) return
c;
+
+ // CSS color functions (rgb, rgba, hsl, hsla) with flexible spacing and alpha
+ const colorFuncRegex =
+
/^(rgb|rgba)\(\s*(\d{1,3}%?\s*,\s*){2}\d{1,3}%?(?:\s*,\s*(\d*\.?\d+))?\s*\)$/i;
+ const colorFuncHslRegex =
+ /^(hsl|hsla)\(\s*\d+\s*,\s*\d+%\s*,\s*\d+%(?:\s*,\s*(\d*\.?\d+))?\s*\)$/i;
+ if (colorFuncRegex.test(c) || colorFuncHslRegex.test(c)) return c;
+
+ // Named CSS colors and system colors
Review Comment:
An alternative approach would be to simply accept a basic CSS color syntax,
only Hex would be sufficient. Controlling a user input seems necessary for
security reasons, but adding too much complexity for a simple CSS color value
seems overkill to me. Adding more validation rules here was suggested by
previous AI bot review, but i'm not sure it is a wise move.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
