Skip to content

Commit

Permalink
registry: don't trust the clipboard content type
Browse files Browse the repository at this point in the history 
The clipboard content type may be a filename represented by a
variety of mime-types, so double-check it is supported type
before loading the contents.

closes #447
closes #453
  • Loading branch information
@andyholmes
andyholmes committed Apr 6, 2024
1 parent dc48ca5 commit 8203d3f
Showing 1 changed file with 24 additions and 10 deletions.
34 changes: 24 additions & 10 deletions registry.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -228,18 +228,32 @@ export class ClipboardEntry {

let file = Gio.file_new_for_path(filename);

bytes = await new Promise((resolve, reject) => file.load_contents_async(null, (obj, res) => {
let [success, contents] = obj.load_contents_finish(res);

if (success) {
resolve(contents);
}
else {
reject(
new Error('Clipboard Indicator: could not read image file from cache')
);
const contentType = await new Promise((resolve, reject) => file.query_info_async(null, (obj, res) => {
try {
const fileInfo = obj.query_info_finish(res);
resolve(fileInfo.get_content_type());
} catch (e) {
reject(e);
}
}));

if (!contentType.startsWith('image/') && !contentType.startsWith('text/')) {
bytes = new TextEncoder().encode(jsonEntry.contents);
}
else {
bytes = await new Promise((resolve, reject) => file.load_contents_async(null, (obj, res) => {
let [success, contents] = obj.load_contents_finish(res);

if (success) {
resolve(contents);
}
else {
reject(
new Error('Clipboard Indicator: could not read image file from cache')
);
}
}));
}
}

return new ClipboardEntry(mimetype, bytes, favorite);
Expand Down

0 comments on commit 8203d3f

Please sign in to comment.