authorMichael Catanzaro <mcatanzaro@redhat.com>2021-12-14 16:46:07 -0600
committerMichael Catanzaro <mcatanzaro@redhat.com>2021-12-15 14:41:14 -0600
commit8e92921425840d78821bd7984b35a174a21d6da2 (patch)
treebc8f47f2ca6e1818ac6d6845ae838452dff74a25
parent18eb795f751757f22c8eac4719ff677cad37df95 (diff)
downloadepiphany-8e92921425840d78821bd7984b35a174a21d6da2.tar.gz
pdf-handler: properly encode filename before inserting to HTML
The file's name is suggested by the server, and could be malicious. We don't want it to be able to escape the HTML attribute context. The file data should already be safe because it is base-64 encoded. Here I'm just adjusting the code style to match what I've done for the filename. Part-of: <https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045>
-rw-r--r--embed/ephy-pdf-handler.c14
1 files changed, 8 insertions, 6 deletions
diff --git a/embed/ephy-pdf-handler.c b/embed/ephy-pdf-handler.c
index da10b7e02..bcc226c5f 100644
--- a/embed/ephy-pdf-handler.c
+++ b/embed/ephy-pdf-handler.c
@@ -23,6 +23,7 @@
#include "ephy-embed-container.h"
#include "ephy-embed-shell.h"
+#include "ephy-output-encoding.h"
#include "ephy-web-view.h"
#include <gio/gio.h>
@@ -124,8 +125,9 @@ pdf_file_loaded (GObject *source,
g_autoptr (GBytes) html_file = NULL;
g_autoptr (GError) error = NULL;
g_autoptr (GString) html = NULL;
- g_autofree gchar *b64 = NULL;
g_autofree char *file_data = NULL;
+ g_autofree char *encoded_file_data = NULL;
+ g_autofree char *encoded_filename = NULL;
gsize len = 0;
if (!g_file_load_contents_finish (G_FILE (source), res, &file_data, &len, NULL, &error)) {
@@ -134,13 +136,13 @@ pdf_file_loaded (GObject *source,
return;
}
- html_file = g_resources_lookup_data ("/org/gnome/epiphany/pdfjs/web/viewer.html", 0, NULL);
-
- b64 = g_base64_encode ((const guchar *)file_data, len);
g_file_delete_async (G_FILE (source), G_PRIORITY_DEFAULT, NULL, pdf_file_deleted, NULL);
- html = g_string_new ("");
- g_string_printf (html, g_bytes_get_data (html_file, NULL), b64, self->file_name ? self->file_name : "");
+ html = g_string_new (NULL);
+ html_file = g_resources_lookup_data ("/org/gnome/epiphany/pdfjs/web/viewer.html", 0, NULL);
+ encoded_file_data = g_base64_encode ((const guchar *)file_data, len);
+ encoded_filename = self->file_name ? ephy_encode_for_html_attribute (self->file_name) : g_strdup ("");
+ g_string_printf (html, g_bytes_get_data (html_file, NULL), encoded_file_data, encoded_filename);
finish_uri_scheme_request (self, g_strdup (html->str), NULL);
}
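Review bot: The choice of `ephy_encode_for_html_attribute` in the added lines is only sound while both `%s` slots in viewer.html sit inside quoted HTML attribute values, and nothing in this hunk records that coupling (the template itself is not visible here). I would add a comment above the `g_string_printf` call, e.g. `/* Both %s slots in viewer.html are quoted attribute values; the filename is server-suggested and must stay attribute-encoded. */`, so a later template edit that moves the filename into script or element content prompts a different encoder. Separately, `g_resources_lookup_data` is still called with a NULL error and its result goes straight into `g_bytes_get_data` as the format string, so a failed lookup is not handled; an `if (!html_file)` guard that finishes the request with an error before the printf would make that path explicit. pdf_file_loaded begins outside this hunk, so any earlier handling of these cases cannot be seen from here.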