From: Kalervo Kujala
Date: Tue, 20 Mar 2012 15:56:42 +0000 (+0200)
Subject: Add protection against malicious code in font loader.
X-Git-Url: https://git.parisson.com/?a=commitdiff_plain;h=ed2bcf0ffa25dbd470d817ef8cc7118bb83f5978;p=pdf.js.git
Add protection against malicious code in font loader.
---
diff --git a/src/fonts.js b/src/fonts.js
index c1023f6..6b89068 100644
--- a/src/fonts.js
+++ b/src/fonts.js
@@ -494,9 +494,14 @@ var FontLoader = {
 // 82402.
 // Validate the names parameter -- the values can used to construct HTML.
- if (!/^\w+$/.test(names.join('')))
+ if (!/^\w+$/.test(names.join(''))) {
 error('Invalid font name(s): ' + names.join());
+ // Normally the error-function throws. But if a malicious code
+ // intercepts the function call then the return is needed.
+ return;
+ }
+
 var div = document.createElement('div');
 div.setAttribute('style',
 'visibility: hidden;' +
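Review bot: The guard `if (!/^\w+$/.test(names.join(''))) {` tests the concatenation of all names rather than each entry, so an empty-string entry passes whenever another entry is non-empty, and nothing confirms that each entry is a string before the values are used to construct HTML further down. Since the added `return` is meant as defence in depth for this very check, the condition could be tightened to `if (!names.every(function(n) { return typeof n === 'string' && /^\w+$/.test(n); })) {`. The new early return also exits without signalling the caller that no fonts were prepared; whether a completion callback is expected on that path cannot be seen here, because the enclosing function starts and ends outside the hunk.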