docs

Author: userdocs

docs/ec.config.mjs

@@ -2,28 +2,34 @@ import { pluginCollapsibleSections } from "@expressive-code/plugin-collapsible-s
 import { ExpressiveCodeTheme } from "@astrojs/starlight/expressive-code";
 import fs from "node:fs";
 import path from "node:path";
+import { fileURLToPath } from "node:url";
 
-// Define allowed paths relative to project root
+// Define allowed paths relative to this config file's directory
 const ALLOWED_PATHS = ["src/themes/expressive-code"];
 
 function readFileSyncSafe(url) {
 	if (url.protocol !== "file:") {
 		throw new Error("Invalid URL protocol");
 	}
 
-	// Convert URL to filesystem path and normalize
-	const filePath = path.normalize(url.pathname);
+	// Convert URL to filesystem path and normalize (Windows-safe)
+	const filePath = path.normalize(fileURLToPath(url));
 
-	// Ensure path is within allowed directories
-	const isAllowed = ALLOWED_PATHS.some((allowedPath) =>
-		filePath.includes(path.normalize(allowedPath))
-	);
+	// Resolve allowed directories relative to this file's directory
+	const baseDir = path.dirname(fileURLToPath(import.meta.url));
+	const allowedAbs = ALLOWED_PATHS.map((p) => path.resolve(baseDir, p));
+
+	// Ensure path is within one of the allowed directories using path.relative
+	const isAllowed = allowedAbs.some((allowedDir) => {
+		const rel = path.relative(allowedDir, filePath);
+		return rel && !rel.startsWith("..") && !path.isAbsolute(rel);
+	});
 
 	if (!isAllowed) {
-		throw new Error("Access to this directory is not allowed");
+		throw new Error(`Access to this file is not allowed: ${filePath}`);
 	}
 
-	return fs.readFileSync(url, "utf-8");
+	return fs.readFileSync(filePath, "utf-8");
 }
 
 const jsoncStringLight = readFileSyncSafe(