From 664f7de54097c799b25979cd2af5141fd36f7e66 Mon Sep 17 00:00:00 2001 From: Jonas Jenwald Date: Mon, 30 Mar 2020 12:28:57 +0200 Subject: [PATCH] Change `Font.exportData` to use an explicit white-list of exportable properties This patch addresses an existing, and very long standing, TODO in the code such that it's no longer possible to send arbitrary/unnecessary font properties to the main-thread. Furthermore, by having a white-list it's also very easy to see *exactly* which font properties are being exported. Please note that in its current form, the list of exported properties contains *every* possible enumerable property that may exist in a `Font` instance. In practice no single font will contain *all* of these properties, and e.g. embedded/non-embedded/Type3 fonts will all differ slightly with respect to what properties are being defined. Hence why only explicitly set properties are included in the exported data, to avoid half of them being `undefined`, which however should not be a problem for any existing consumer (since they'd already need to handle those cases). Since a fair number of these font properties are completely *internal* functionality, and doesn't make any sense to expose on the main-thread and/or in the API, follow-up patch(es) will be required to trim down the list. (I purposely included all properties here for brevity and future documentation purposes.) --- src/core/fonts.js | 57 ++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 51 insertions(+), 6 deletions(-) diff --git a/src/core/fonts.js b/src/core/fonts.js index c21387c45..20fa51224 100644 --- a/src/core/fonts.js +++ b/src/core/fonts.js @@ -87,6 +87,49 @@ var PDF_GLYPH_SPACE_UNITS = 1000; // custom one. Windows just refuses to draw glyphs with seac operators. var SEAC_ANALYSIS_ENABLED = true; +const EXPORT_DATA_PROPERTIES = [ + "_shadowWidth", + "ascent", + "bbox", + "black", + "bold", + "cMap", + "charProcOperatorList", + "charsCache", + "cidEncoding", + "composite", + "data", + "defaultEncoding", + "defaultVMetrics", + "defaultWidth", + "descent", + "differences", + "fallbackName", + "fallbackToUnicode", + "fontMatrix", + "fontType", + "glyphCache", + "isMonospace", + "isOpenType", + "isSerifFont", + "isSymbolicFont", + "isType3Font", + "italic", + "loadedName", + "mimetype", + "missingFile", + "name", + "remeasure", + "seacMap", + "subtype", + "toFontChar", + "toUnicode", + "type", + "vertical", + "vmetrics", + "widths", +]; + var FontFlags = { FixedPitch: 1, Serif: 2, @@ -1258,12 +1301,14 @@ var Font = (function FontClosure() { return shadow(this, "renderer", renderer); }, - exportData: function Font_exportData() { - // TODO remove enumerating of the properties, e.g. hardcode exact names. - var data = {}; - for (var i in this) { - if (this.hasOwnProperty(i)) { - data[i] = this[i]; + exportData() { + const data = Object.create(null); + let property, value; + for (property of EXPORT_DATA_PROPERTIES) { + value = this[property]; + // Ignore properties that haven't been explicitly set. + if (value !== undefined) { + data[property] = value; } } return data;