mirrors/pdf.js
1
0
Fork 0
mirror of https://github.com/mozilla/pdf.js.git synced 2025-04-26 10:08:06 +02:00
Code Activity

Protect against a malicious setDatabase. Remove unneeded save data.

Browse source
This commit is contained in:
Brendan Dahl 2012-02-06 21:04:53 -08:00
parent 7a17676b06
commit 9a1741f466
2 changed files with 5 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

5
extensions/firefox/components/PdfStreamConverter.js
View file

@ -48,6 +48,9 @@ ChromeActions.prototype = {
setDatabase: function(data) {
if (this.inPrivateBrowswing)
return;
// Protect against something sending tons of data to setDatabase.
if (data.length > 4096)
return;
application.prefs.setValue(EXT_PREFIX + '.database', data);
},
getDatabase: function() {
@ -142,7 +145,7 @@ PdfStreamConverter.prototype = {
// Setup a global listener waiting for the next DOM to be created and verfiy
// that its the one we want by its URL. When the correct DOM is found create
// an event listener on that window for the pdf.js events that require
// chrome priviledges.
// chrome priviledges. Code snippet from John Galt.
let window = aRequest.loadGroup.groupObserver
.QueryInterface(Ci.nsIWebProgress)
.DOMWindow;