Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Merge pull request #1346 from notmasteryet/verifyname-2

Verify the names parameter in fontLoaderPrepareFontLoadEvent
  • Loading branch information...
commit 2c5de00ef3b24e7bbfdf7d7f8e96151b44368bc0 2 parents b31ef0f + 2508d2c
@brendandahl brendandahl authored
Showing with 6 additions and 0 deletions.
  1. +6 −0 src/fonts.js
View
6 src/fonts.js
@@ -500,6 +500,12 @@ var FontLoader = {
// The postMessage() hackery was added to work around chrome bug
// 82402.
+ // Validate the names parameter -- the values can used to construct HTML.
+ if (!/^\w+$/.test(names.join(''))) {
+ error('Invalid font name(s): ' + names.join());
+ return; // Keep the return in case if error() did not throw.
+ }
+
var div = document.createElement('div');
div.setAttribute('style',
'visibility: hidden;' +
Please sign in to comment.
Something went wrong with that request. Please try again.