mirror of
https://github.com/actualbudget/actual.git
synced 2026-03-22 00:13:45 -05:00
a16b4107a7
Implement safe font-family references in custom themes via CSS variables
(--font-body, --font-mono, --font-heading, etc.) validated against a
curated allowlist of system-installed and web-safe fonts.
Security approach: Only fonts already present on the user's OS or bundled
with the app are allowed. No @font-face, no url(), no external font
loading — this prevents third-party tracking via font requests while
still enabling meaningful font customization in themes.
Key changes:
- Add SAFE_FONT_FAMILIES allowlist (~80 fonts: generic families, bundled
fonts, and common system fonts across platforms)
- Add validateFontFamilyValue() for comma-separated font stack validation
- Route --font-{body,mono,heading,family,ui,display,code} properties
through the font validator instead of the color validator
- Update index.html to use var(--font-body, ...) with current Inter
Variable stack as fallback
- Add comprehensive tests for valid/invalid font values and security
edge cases (url injection, javascript:, expression(), etc.)
https://claude.ai/code/session_01D4ASLpcBCvWF1nzPLz9Tw5