Sakurai/pdf.js
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add protection against malicious code in font loader.

Browse Source
This commit is contained in:
Kalervo Kujala 2012-03-20 17:56:42 +02:00
parent eb4ec7899a
commit ed2bcf0ffa
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/fonts.js
View File

@ -494,9 +494,14 @@ var FontLoader = {
// 82402. // 82402.
// Validate the names parameter -- the values can used to construct HTML. // Validate the names parameter -- the values can used to construct HTML.
if (!/^\w+$/.test(names.join(''))) if (!/^\w+$/.test(names.join(''))) {
error('Invalid font name(s): ' + names.join()); error('Invalid font name(s): ' + names.join());
// Normally the error-function throws. But if a malicious code
// intercepts the function call then the return is needed.
return;
}
var div = document.createElement('div'); var div = document.createElement('div');
div.setAttribute('style', div.setAttribute('style',
'visibility: hidden;' + 'visibility: hidden;' +