Security optimisations

Prevented triangle f***ery; Added `none` type for controlled f***ery;
typst · May 22, 2024 · a89eece · a89eece
1 parent 0d14e63
commit a89eece
Show file tree

Hide file tree

Showing 2 changed files with 55 additions and 14 deletions.
diff --git a/packages/preview/boxr/0.1.0/README.md b/packages/preview/boxr/0.1.0/README.md
@@ -2,7 +2,7 @@
 Boxr is a modular, and easy to use, package for creating cardboard cutouts in Typst.
 
 ## Usage
-Create a boxr structure in your project by with the following code:
+Create a boxr structure in your project with the following code:
 ```
 #import "@preview/boxr:0.1.0"
 
@@ -58,6 +58,8 @@ A node can be of the following types:
 - `tab`:
   - Is not a json object, but a string that denotes a tab. The tab is placed on the parent node.
   - Has a tab_size after the first `|` and a cutin_size after the second `|`.
+- `none`:
+  - Is not a json object, but a string that denotes no node. This is useful for deleting a cut_stroke between two nodes.
 
 Every string value in the json file (`width: "__", height: "__", ... offset_x/y: "__"` and the values between the `|` for tabs) is evaluated as regular typst code. This means that you can use all named variables (these have to be lengths) passed to the structure. All inputs are converted to points and the result of the evaluation will be converted back to a length.
 
diff --git a/packages/preview/boxr/0.1.0/boxr.typ b/packages/preview/boxr/0.1.0/boxr.typ
@@ -28,6 +28,11 @@
     right: false
   )
 
+  let comes_from_triangle = comes_from
+  if comes_from_triangle == none {
+    comes_from_triangle = "bottom"
+  }
+
   let width = if comes_from == none {
       get_from_args(args, face.width)
     } else {
@@ -72,7 +77,10 @@
     ]
   } else if (face.type.starts-with("triangle")) {
     let direction = face.type.split("_").at(1)
-    let points = calculate_triangle_points(comes_from, direction, width, height)
+
+    assert(direction == "left" or direction == "right", message: "Triangle direction must be either 'left' or 'right'")
+
+    let points = calculate_triangle_points(comes_from_triangle, direction, width, height)
 
     place(
       center + horizon,
@@ -81,35 +89,36 @@
     )[
       #polygon(
         fill: color,
+        stroke: 0mm,
         ..points
       )
     ]
 
-    if comes_from == "top" {
+    if comes_from_triangle == "top" {
       has_child.at("bottom") = true
 
       if direction == "left" {
         has_child.at("left") = true
       } else {
         has_child.at("right") = true
       }
-    } else if comes_from == "left" {
+    } else if comes_from_triangle == "left" {
       has_child.at("right") = true
 
       if direction == "left" {
         has_child.at("bottom") = true
       } else {
         has_child.at("top") = true
       }
-    } else if comes_from == "bottom" {
+    } else if comes_from_triangle == "bottom" {
       has_child.at("top") = true
 
       if direction == "left" {
         has_child.at("right") = true
       } else {
         has_child.at("left") = true
       }
-    } else if comes_from == "right" {
+    } else if comes_from_triangle == "right" {
       has_child.at("left") = true
 
       if direction == "left" {
@@ -144,6 +153,12 @@
 
       assert(orientation != comes_from, message: "Face cannot have a child coming from the same direction as it is coming from")
 
+
+      assert(not (face.type.starts-with("triangle") and ((orientation == "right" and comes_from_triangle == "left")
+      or (orientation == "top" and comes_from_triangle == "bottom")
+      or (orientation == "left" and comes_from_triangle == "right")
+      or (orientation == "bottom" and comes_from_triangle == "top"))), message: "Triangle does not support children to the opposite side of the parent face")
+
       if type(child.at(1)) == str {
         if child.at(1).starts-with("tab|") {
 
@@ -152,12 +167,6 @@
 
           if (face.type.starts-with("triangle")) {
             let direction = face.type.split("_").at(1)
-
-            assert(not ((orientation == "right" and comes_from == "left")
-            or (orientation == "top" and comes_from == "bottom")
-            or (orientation == "left" and comes_from == "right")
-            or (orientation == "bottom" and comes_from == "top")), message: "Tab orientation is invalid")
-
             let points = calculate_triangle_points(comes_from, direction, width, height)
             let line_points = (if direction == "left" {points.at(0)} else {points.at(1)}, points.at(2))
             let l1 = (line_points.at(1).at(1) - line_points.at(0).at(1)).pt()
@@ -278,7 +287,31 @@
           }
         }
 
-        continue
+        if child.at(1) == "none" {
+          continue
+        }
+
+        assert(false, message: "Unknown child type: " + child.at(1))
+      }
+
+      if (face.type.starts-with("triangle")){
+        let direction = face.type.split("_").at(1)
+        assert(not ((comes_from_triangle == "right"
+        and direction == "left" and orientation == "top")
+        or (comes_from_triangle == "right"
+        and direction == "right" and orientation == "bottom")
+        or (comes_from_triangle == "left"
+        and direction == "right" and orientation == "top")
+        or (comes_from_triangle == "left"
+        and direction == "left" and orientation == "bottom")
+        or (comes_from_triangle == "top"
+        and direction == "left" and orientation == "left")
+        or (comes_from_triangle == "top"
+        and direction == "right" and orientation == "right")
+        or (comes_from_triangle == "bottom"
+        and direction == "right" and orientation == "left")
+        or (comes_from_triangle == "bottom"
+        and direction == "left" and orientation == "right")), message: "Triange does not support children to come from angeled sides")
       }
 
       if orientation == "top" {
@@ -447,4 +480,10 @@
       #render_face(structure.root, color, fold_stroke, cut_stroke, glue_pattern_p, clip, args)
     ]
   ]
-}
+}
+
+#render_structure(
+  "triangle_test_2",
+  a: 100pt,
+  tab_size: 20pt
+)