From 8203d3ffd0a7bee888dd50e63a5fa661040d091b Mon Sep 17 00:00:00 2001 From: Andy Holmes Date: Sat, 6 Apr 2024 14:11:19 -0700 Subject: [PATCH] registry: don't trust the clipboard content type The clipboard content type may be a filename represented by a variety of mime-types, so double-check it is supported type before loading the contents. closes #447 closes #453 --- registry.js | 34 ++++++++++++++++++++++++---------- 1 file changed, 24 insertions(+), 10 deletions(-) diff --git a/registry.js b/registry.js index 642f386..f6a8cf2 100644 --- a/registry.js +++ b/registry.js @@ -228,18 +228,32 @@ export class ClipboardEntry { let file = Gio.file_new_for_path(filename); - bytes = await new Promise((resolve, reject) => file.load_contents_async(null, (obj, res) => { - let [success, contents] = obj.load_contents_finish(res); - - if (success) { - resolve(contents); - } - else { - reject( - new Error('Clipboard Indicator: could not read image file from cache') - ); + const contentType = await new Promise((resolve, reject) => file.query_info_async(null, (obj, res) => { + try { + const fileInfo = obj.query_info_finish(res); + resolve(fileInfo.get_content_type()); + } catch (e) { + reject(e); } })); + + if (!contentType.startsWith('image/') && !contentType.startsWith('text/')) { + bytes = new TextEncoder().encode(jsonEntry.contents); + } + else { + bytes = await new Promise((resolve, reject) => file.load_contents_async(null, (obj, res) => { + let [success, contents] = obj.load_contents_finish(res); + + if (success) { + resolve(contents); + } + else { + reject( + new Error('Clipboard Indicator: could not read image file from cache') + ); + } + })); + } } return new ClipboardEntry(mimetype, bytes, favorite);