-
-
Notifications
You must be signed in to change notification settings - Fork 82
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Potential collision in hash
#292
Comments
Is it only |
I only select a few from those collided. There are probably more since my PoC doesn't filter them out. |
Hashing collisions are expected in this case. We should narrow it down to only the ones that are prefixed in the switch block and that shouldn't, and then evaluate if it is within acceptable tolerance. |
I am doing a custom prefixer and re-use console.log('hash:background-clip', hash('background-clip', 'background-clip'.length)); // 4215
console.log('hash:backdrop-filter', hash('backdrop-filter', 'backdrop-filter'.length)); // 4215 I would like to prefix only |
once u know about the collision you could always discriminate inputs based on a unique character in all candidates |
Hi, it is 2024 and I am back to the issue here.
@Andarist I am afraid this is a huge task. Here I use a simple script to collect all known CSS properties collision: const { hash, charat } = require("stylis");
const { all } = require("known-css-properties");
function djb2a(value, length) {
let h = 5381;
for (let i = 0; i < length; i++) {
h = ((h << 5) + h) ^ charat(value, i);
}
return h >>> 0;
}
function getCollidedFromHashMap(obj) {
return Object.fromEntries(
Object.entries(obj).filter(([key, value]) => value.length > 1),
);
}
const stylisHashMap1 = {};
const nonPrefixedProperties = all.filter((i) => !i.startsWith("-"));
nonPrefixedProperties.forEach((property) => {
const key = hash(property, property.length);
stylisHashMap1[key] ||= [];
stylisHashMap1[key].push(property);
});
const stylisHashMap2 = {};
nonPrefixedProperties.forEach((property) => {
const key = hash(property, property.length);
stylisHashMap2[key] ||= [];
stylisHashMap2[key].push(property);
});
const djb2aHashMap = {};
all.forEach((property) => {
if (!property.startsWith("-")) {
const key = djb2a(property, property.length);
djb2aHashMap[key] = djb2aHashMap[key] || [];
djb2aHashMap[key].push(property);
}
});
console.log("(stylis) Collided all known css properties:");
console.log(getCollidedFromHashMap(stylisHashMap1));
// console.log('(stylis) Collided all known css properties without vendor prefixed:');
// console.log(getCollidedFromHashMap(stylisHashMap2));
console.log("(djb2a) Collided all known css properties:");
console.log(getCollidedFromHashMap(djb2aHashMap)); https://replit.com/@isukkaw/DarkkhakiRealisticCharmap#index.js And here is the collision result:
|
Honestly, I don't quite have the bandwidth and mental space to handle this right now. Note that usually some extra prefixes shouldn't introduce actual errors to your applications. A big problem would be if some of the generated ones are plain incorrect and that they could be fine-tuned to make them work. |
@SukkaW Collisions are expected, A better test for this would be to run it against the |
cc @thysultan
stylis contains a dead simple
hash
function used for matching CSS properties, and I am wondering how safe it is. So I write a small PoC:You can test the PoC out at ReplIt: https://replit.com/@SukkaW/QuarterlyMotherlyCollaborativesoftware
The result is that the stylis' built-in hash is not safe at all. And honestly, that is not a surprising result. The current
hash
function only takes in the first, the second, and the third characters and the length into the account. So any CSS properties that have the same length and the first three characters are the same will collided.E.g.
flex-flow
,flex-grow
, andflex-wrap
all have the same hash 6060, while the stylis is matching 6060 forflex-grow
:stylis/src/Prefixer.js
Lines 65 to 67 in 55c363f
And
mask-(border|origin|repeat)
all have the same hash 6135, but the stylis only need to prefixmask-(repeat|origin)
:stylis/src/Prefixer.js
Lines 19 to 20 in 55c363f
And
transform
andtranslate
all have the same hash 4810, but the stylis only need to prefixtransform
:stylis/src/Prefixer.js
Lines 27 to 29 in 55c363f
And many other collisions, like:
scroll-margin-top
andscroll-snap-align
all have the same hash 2647 but the stylis only needs to prefix thescroll-margin-top
.scroll-margin-left
,scroll-padding-top
andscroll-snap-margin
all have the same hash 2391 but the stylis only needs to prefix thescroll-margin-left
.The text was updated successfully, but these errors were encountered: