From 29263836c24053180e7b38d4d2b2d885f6bda6de Mon Sep 17 00:00:00 2001
From: Brendan Dahl
Date: Fri, 3 Aug 2012 16:11:43 -0700
Subject: [PATCH 1/2] Sanitize the document info.
---
 src/core.js | 43 +++++++++++++++++++++++++++++-------
 test/pdfs/issue1729.pdf.link | 2 ++
 test/test_manifest.json | 8 +++++++
 3 files changed, 45 insertions(+), 8 deletions(-)
 create mode 100644 test/pdfs/issue1729.pdf.link
diff --git a/src/core.js b/src/core.js
index e8d008074..1ee01d7e5 100644
--- a/src/core.js
+++ b/src/core.js
@@ -403,6 +403,24 @@ var PDFDocument = (function PDFDocumentClosure() {
 return true; /* found */
 }
 
+ var DOCUMENT_INFO = {
+ get entries() {
+ // Lazily build this since all the validation functions below are not
+ // defined until after this file loads.
+ return shadow(this, 'entries', {
+ Title: isString,
+ Author: isString,
+ Subject: isString,
+ Keywords: isString,
+ Creator: isString,
+ Producer: isString,
+ CreationDate: isString,
+ ModDate: isString,
+ Trapped: isName
+ });
+ }
+ };
+
 PDFDocument.prototype = {
 get linearization() {
 var length = this.stream.length;
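Review bot: The validators in `DOCUMENT_INFO.entries` check only the type of each value (`isString`, `isName`), so a value that passes is still text taken from the file, of any length and content, and the block does not say so for whoever consumes `getDocumentInfo()`. I would add a comment above the map such as `// Type checks only: accepted values remain untrusted and must be escaped before display.` `CreationDate` and `ModDate` are accepted as any string rather than a PDF date, and `Trapped` as any name; if that looseness is intended, a short comment next to those entries would make it explicit.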
@@ -495,18 +513,27 @@ var PDFDocument = (function PDFDocumentClosure() {
 return shadow(this, 'numPages', num);
 },
 getDocumentInfo: function PDFDocument_getDocumentInfo() {
- var info;
+ var docInfo;
 if (this.xref.trailer.has('Info')) {
 var infoDict = this.xref.trailer.get('Info');
 
- info = {};
- infoDict.forEach(function(key, value) {
- info[key] = typeof value !== 'string' ? value :
- stringToPDFString(value);
- });
+ docInfo = {};
+ var validEntries = DOCUMENT_INFO.entries;
+ // Only fill the document info with valid entries from the spec.
+ for (var key in validEntries) {
+ if (infoDict.has(key)) {
+ var value = infoDict.get(key);
+ // Make sure the value conforms to the spec.
+ if (validEntries[key](value)) {
+ docInfo[key] = typeof value !== 'string' ? value :
+ stringToPDFString(value);
+ } else {
+ info('Bad value in document info for "' + key + '"');
+ }
+ }
+ }
 }
-
- return shadow(this, 'getDocumentInfo', info);
+ return shadow(this, 'getDocumentInfo', docInfo);
 },
 getFingerprint: function PDFDocument_getFingerprint() {
 var xref = this.xref, fileID;
diff --git a/test/pdfs/issue1729.pdf.link b/test/pdfs/issue1729.pdf.link
new file mode 100644
index 000000000..ca6fa690c
--- /dev/null
+++ b/test/pdfs/issue1729.pdf.link
@@ -0,0 +1,2 @@
+http://www.environmentallights.com/files/documents/ir_light_hazard.pdf
+
diff --git a/test/test_manifest.json b/test/test_manifest.json
index 0a22160b9..166b4fdc7 100644
--- a/test/test_manifest.json
+++ b/test/test_manifest.json
@@ -626,5 +626,13 @@
 "pageLimit": 1,
 "link": true,
 "type": "eq"
+ },
+ { "id": "issue1729",
+ "file": "pdfs/issue1729.pdf",
+ "md5": "29b0eddc3e1dcb23a44384037032d470",
+ "rounds": 1,
+ "pageLimit": 1,
+ "link": true,
+ "type": "load"
 }
 ]
From 70e415900c0accbe1ef3bd84ec9c6867ef7f70f6 Mon Sep 17 00:00:00 2001
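Review bot: In `getDocumentInfo` (src/core.js), `infoDict` is used without confirming it is a dictionary: `this.xref.trailer.get('Info')` returns whatever object the file's trailer points at, and if a malformed file makes that something other than a dictionary, `infoDict.has(key)` would throw before any validator runs. Guarding the loop with `if (isDict(infoDict)) {` (assuming the `isDict` helper is in scope here) and logging through `info(...)` otherwise would keep the sanitizing path from failing on the input it exists to handle. The `for (var key in validEntries)` loop also visits inherited enumerable properties, so `if (!validEntries.hasOwnProperty(key)) continue;` is a cheap safeguard. A `Trapped` value that passes `isName` is stored as the name object rather than a string, which callers may not expect.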
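Review bot: The new `issue1729` entry in test/test_manifest.json uses `"type": "load"`, which as far as this hunk shows only exercises loading the file, so nothing here asserts what `getDocumentInfo` returns for it. A unit test that feeds an Info dictionary with an unlisted key and a wrongly typed value, and checks that both are dropped, would pin the sanitizing behaviour. The fixture is fetched from a third-party host over plain `http://`, with the `md5` field as the only integrity check visible here.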
From: Brendan Dahl
Date: Mon, 6 Aug 2012 14:32:54 -0700
Subject: [PATCH 2/2] Address review comments.
---
 src/core.js | 4 ++--
 test/pdfs/issue1729.pdf.link | 1 -
 2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/core.js b/src/core.js
index 1ee01d7e5..8519e2e68 100644
--- a/src/core.js
+++ b/src/core.js
@@ -403,7 +403,7 @@ var PDFDocument = (function PDFDocumentClosure() {
 return true; /* found */
 }
 
- var DOCUMENT_INFO = {
+ var DocumentInfoValidators = {
 get entries() {
 // Lazily build this since all the validation functions below are not
 // defined until after this file loads.
@@ -518,7 +518,7 @@ var PDFDocument = (function PDFDocumentClosure() {
 var infoDict = this.xref.trailer.get('Info');
 
 docInfo = {};
- var validEntries = DOCUMENT_INFO.entries;
+ var validEntries = DocumentInfoValidators.entries;
 // Only fill the document info with valid entries from the spec.
 for (var key in validEntries) {
 if (infoDict.has(key)) {
diff --git a/test/pdfs/issue1729.pdf.link b/test/pdfs/issue1729.pdf.link
index ca6fa690c..a6a73d5a7 100644
--- a/test/pdfs/issue1729.pdf.link
+++ b/test/pdfs/issue1729.pdf.link
@@ -1,2 +1 @@
 http://www.environmentallights.com/files/documents/ir_light_hazard.pdf
-