β ππ Validate HTML colors by
name,special name,hex,rgb,rgba,hsl,hsla,hwb,laborlchvalues
HTML colors are remarkably easy to get wrong, because they allow for so many different values.
As I was writing Console Log Plus, I thought it would be great to allow users to pass any HTML color they wanted as one of the parameter to the function. But since HTML colors have so many variations and therefore are complex strings, it didn't take me long to realize that I'd have to make quite a few checks to validate the value passed by the user. That need brought me here.
Validate Color let's one validate the color string against all current possible HTML color values. Some examples:
hex-#bada55name-LightGoldenrodYellowspecial name-currentColorrgb-rgb(0 0 0)rgba-rgba(0, 0, 0, .45)hsl-hsl(4.71239rad, 60%, 70%)hsla-hsla(180deg 100% 50% / .8)hwb-hwb(180deg 0% 0% / 100%)lab-lab(2000.1337% -8.6911 -159.131231 / .987189732)lch-lch(54.292% 106.839 40.853)
Both rgba and hsla are now officially merged into their rgb and hsl counterparts, so the a can be omitted. The a is considered legacy syntax, so it will still work.
To demonstrate the power of validate-color, I decided it would be best to create a living github page, that would serve both as a way of showcase validate-color, and facilitate its use:
https://dreamyguy.github.io/validate-color/
On this page you can:
- Validate HTML colors as you type
On my TODO list:
- See opaque colors against black and white backgrounds.
- See colors with transparency in different contexts.
validate-color is also available as a package on npm and can be installed as a depedency with:
npm i validate-color --save
As with any node module, first you'll have to import it with require:
var validateColor = require("validate-color").default;...or through import:
import validateColor from "validate-color";Once you've done the import, you'll be able to do checks like (example in React):
import React from "react";
import validateColor from "validate-color";
const ColorBox = (props) => {
const { color = "", text = "" } = props;
const theColor = color && validateColor(color) ? color : "transparent";
return (
<div className="color-box" style={{ backgroundColor: theColor }}>
<p>{text}</p>
</div>
);
};
export default ColorBox;π The source for a full-fledged color validation component can be viewed here. That component can be seen in action here.
One can "extend" the library by using only parts of it.
1. Validate only HTML colors (hex, rgb, rgba, hsl, hsla, hwb, lab, lch), without name
import { validateHTMLColor } from "validate-color";2. Validate only HEX colors
import { validateHTMLColorHex } from "validate-color";3. Validate only HSL colors
import { validateHTMLColorHsl } from "validate-color";4. Validate only NAME colors
import { validateHTMLColorName } from "validate-color";5. Validate only RGB colors
import { validateHTMLColorRgb } from "validate-color";6. Validate only SPECIAL NAME colors
import { validateHTMLColorSpecialName } from "validate-color";7. Validate only HWB colors
import { validateHTMLColorHwb } from "validate-color";8. Validate only LAB colors
import { validateHTMLColorLab } from "validate-color";9. Validate only LCH colors
import { validateHTMLColorLch } from "validate-color";π I was proactive and added validation to these relatively new HTML/CSS colors (HWB & LAB & LCH), but since they're still drafts at the time of this writing, they might still be not fully supported at the time of this reading.
A ReDoS vulnerability was reported as an issue on Oct 14, 2022, but that went under my radar. It was just today (Jan 29, 2023) I came across the issue, and luckily I had time to look into it.
This vulnerability was officially reported as CVE-2021-40892, and is listed a few places: 1, 2, 3, 4, 5.
A similar problem was reported for the color-string package, versions < 1.5.5.
A good article by Godson Obielum: How to protect against regex denial-of-service (ReDoS) attacks.
The issue is caused by the "greedy" character in regex, the infamous +. I've made amendments that limit the number of both spaces and digits by 5, instead of having no limits.
I've also made patterns stricter and removed redundant optionals, simplifying whenever possible.
π All current
regexhave been tested with https://regex.rip/ andnpx redos-detector check "<regex pattern>" --maxSteps 10000)(see redos-detector for more options).
That will, from this point onwards, invalidate otherwise valid colors that cross that threshold.
Since this is an important update, I'm releasing it as a patch (v2.2.3)
Clone this repo locally. You'll need to have NodeJS installed. Install all dependencies by running:
npm i
To start the app locally, run:
npm run start
This command fires up the application on port 9900, making it visible on http://localhost:9900. Because this app is based on create-react-app, the port number should be configured on the .env file.
When you're ready to build for production, run:
npm run build
This command compiles all production-optimised resources to a folder called build. It's meant to be run remotely, at the environment host, at build time.
When you're done with your changes, run:
npm run build-npm
This command compiles the distribution-optimised javascript to lib/index.js, a file compiled out of src/validate-color/index.js.
π Note that the
lib/folder and its contents are only available at the NPM distribution.
This project wouldn't be complete without proper testing.
Jest is my Unit Testing framework of choice. It's well documented and shares good practices & syntax with its most known predecessors (Mocha, Jasmine, etc). Babel was introduced as a dependency to the project because of Jest, but it was worth it since now we can use ES6 syntax on our tests as well.
Run all tests, in watch mode:
npm run test
Tests are also run through Travis on every push to master. The build status is shown at the top of this README.
π All tests are named according to the file they're testing:
index.js->index.test.js, and reside under the same directory. SinceJestcomes as courtesy of CRA, all tests should be placed under the src/ folder.
This repo is a hybrid one. It:
- Builds the NPM distribution
- Builds the GitHub Page that serves as a demo/showcase
There are 3 commands one can run to deploy to these two places.
Deploy to GitHub Pages
npm run deploy
Deploy to NPM
npm run deploy-npm
Deploy to both places at once
npm run release
β οΈ Make sure to bump version before releasing!
- Source from which the color name list was extracted from
- The Ultimate Guide to CSS Colors 2020 Edition
- MDN: CSS Colors
- MDN: Color Picker tool
- CSS Color Module Level 4 Editor's Draft
- Lea Verou: LCH colors in CSS: what, why, and how?
- LCH Colour Picker
Validate Color was put together by Wallace SidhrΓ©e. π¨βπ»π³π΄