
Add protection against malicious code in font loader.

1 parent eb4ec78 commit ed2bcf0ffa25dbd470d817ef8cc7118bb83f5978 @kkujala committed Mar 20, 2012
Showing with 6 additions and 1 deletion.
  1. +6 −1 src/fonts.js
7 src/fonts.js
@@ -494,9 +494,14 @@ var FontLoader = {
// 82402.
// Validate the names parameter -- the values can used to construct HTML.
- if (!/^\w+$/.test(names.join('')))
+ if (!/^\w+$/.test(names.join(''))) {
error('Invalid font name(s): ' + names.join());
+ // Normally the error-function throws. But if a malicious code
+ // intercepts the function call then the return is needed.
+ return;
+ }
+
var div = document.createElement('div');
div.setAttribute('style',
'visibility: hidden;' +
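
Review bot: The bare `return;` added after `error('Invalid font name(s): ' + names.join());` makes the function exit silently when `error` has been replaced and does not throw, so the caller gets no signal that validation failed. Consider an explicit `throw new Error('Invalid font name(s)');` in place of the return: it still stops execution before `document.createElement('div')` and keeps the failure visible without depending on `error`. Separately, `/^\w+$/.test(names.join(''))` validates only the concatenation, so an empty string among otherwise valid names passes; testing each entry of `names` on its own would be stricter. Minor wording: "if a malicious code intercepts" in the new comment should read "if malicious code intercepts".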
