From: notmasteryet <async.processingjs@yahoo.com>
Date: Fri, 16 Mar 2012 02:25:19 +0000 (-0500)
Subject: Verify the names parameter
X-Git-Url: https://git.parisson.com/?a=commitdiff_plain;h=2508d2c12bb1a9319b84abc8e0b763d899471afa;p=pdf.js.git

Verify the names parameter
---

diff --git a/src/fonts.js b/src/fonts.js
index df0acbb..af72051 100644
--- a/src/fonts.js
+++ b/src/fonts.js
@@ -500,6 +500,12 @@ var FontLoader = {
       // The postMessage() hackery was added to work around chrome bug
       // 82402.
 
+      // Validate the names parameter -- the values can used to construct HTML.
+      if (!/^\w+$/.test(names.join(''))) {
+        error('Invalid font name(s): ' + names.join());
+        return; // Keep the return in case if error() did not throw.
+      }
+
       var div = document.createElement('div');
       div.setAttribute('style',
                        'visibility: hidden;' +