Add protection against malicious code in font loader.

diff --git a/src/fonts.js b/src/fonts.js
index c1023f6fca800f3aed5fa08f8827972d1ad9f877..6b89068271824c8c4da26273490e03edc32d7f7d 100644 (file)
--- a/src/fonts.js
+++ b/src/fonts.js
@@ -494,9 +494,14 @@ var FontLoader = {
       // 82402.
 
       // Validate the names parameter -- the values can used to construct HTML.
-      if (!/^\w+$/.test(names.join('')))
+      if (!/^\w+$/.test(names.join(''))) {
         error('Invalid font name(s): ' + names.join());
 
+        // Normally the error-function throws. But if a malicious code
+        // intercepts the function call then the return is needed.
+        return;
+      }
+
       var div = document.createElement('div');
       div.setAttribute('style',
                        'visibility: hidden;' +