Verify the names parameter

author notmasteryet <async.processingjs@yahoo.com>

Fri, 16 Mar 2012 02:25:19 +0000 (21:25 -0500)

committer notmasteryet <async.processingjs@yahoo.com>

Fri, 16 Mar 2012 02:25:19 +0000 (21:25 -0500)
author notmasteryet <async.processingjs@yahoo.com>
Fri, 16 Mar 2012 02:25:19 +0000 (21:25 -0500)
committer notmasteryet <async.processingjs@yahoo.com>
Fri, 16 Mar 2012 02:25:19 +0000 (21:25 -0500)
diff --git a/src/fonts.js b/src/fonts.js

index df0acbbc5aa65d454e3f2a319e65e1de4743dbf9..af720516c84a2f47673b58e9a765ad38f7a2399f 100644 (file)
--- a/src/fonts.js
+++ b/src/fonts.js
@@ -500,6 +500,12 @@ var FontLoader = {
        // The postMessage() hackery was added to work around chrome bug
        // 82402.
  
+      // Validate the names parameter -- the values can used to construct HTML.
+      if (!/^\w+$/.test(names.join(''))) {
+        error('Invalid font name(s): ' + names.join());
+        return; // Keep the return in case if error() did not throw.
+      }
+
        var div = document.createElement('div');
        div.setAttribute('style',
                         'visibility: hidden;' +
author	notmasteryet <async.processingjs@yahoo.com>
	Fri, 16 Mar 2012 02:25:19 +0000 (21:25 -0500)
committer	notmasteryet <async.processingjs@yahoo.com>
	Fri, 16 Mar 2012 02:25:19 +0000 (21:25 -0500)