Update astro.config.mjs

Author: userdocs

docs/astro.config.mjs

@@ -2,14 +2,30 @@ import { defineConfig } from "astro/config";
 import starlight from "@astrojs/starlight";
 import { ExpressiveCodeTheme } from "@astrojs/starlight/expressive-code";
 import fs from "node:fs";
+import path from "node:path";
 import starlightImageZoom from "starlight-image-zoom";
 
+// Define allowed paths relative to project root
+const ALLOWED_PATHS = ["src/themes/expressive-code"];
+
 function readFileSyncSafe(url) {
-	if (url.protocol === "file:") {
-		return fs.readFileSync(url, "utf-8");
-	} else {
+	if (url.protocol !== "file:") {
 		throw new Error("Invalid URL protocol");
 	}
+
+	// Convert URL to filesystem path and normalize
+	const filePath = path.normalize(url.pathname);
+
+	// Ensure path is within allowed directories
+	const isAllowed = ALLOWED_PATHS.some((allowedPath) =>
+		filePath.includes(path.normalize(allowedPath))
+	);
+
+	if (!isAllowed) {
+		throw new Error("Access to this directory is not allowed");
+	}
+
+	return fs.readFileSync(url, "utf-8");
 }
 
 const jsoncStringLight = readFileSyncSafe(