Sakurai/pdf.js
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Verify the request id parameter

Browse Source
This commit is contained in:
Yury Delendik 2012-08-17 16:56:47 -05:00
parent 52d229761a
commit 4f20f5f1bb
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/fonts.js
View File

@ -501,6 +501,16 @@ var FontLoader = {
// The postMessage() hackery was added to work around chrome bug // The postMessage() hackery was added to work around chrome bug
// 82402. // 82402.
var requestId = request.id;
// Validate the requestId parameter -- the value used to construct HTML.
if (!/^[\w\-]+$/.test(requestId)) {
error('Invalid request id: ' + requestId);
// Normally the error-function throws. But if a malicious code
// intercepts the function call then the return is needed.
return;
}
var names = []; var names = [];
for (var i = 0, ii = fonts.length; i < ii; i++) for (var i = 0, ii = fonts.length; i < ii; i++)
names.push(fonts[i].loadedName); names.push(fonts[i].loadedName);
@ -526,7 +536,6 @@ var FontLoader = {
div.innerHTML = html; div.innerHTML = html;
document.body.appendChild(div); document.body.appendChild(div);
var requestId = request.id;
window.addEventListener( window.addEventListener(
'message', 'message',
function fontLoaderMessage(e) { function fontLoaderMessage(e) {