
[CRX] Do not load local files in non-local frames

Ordinarily, local files cannot be embedded in a non-local website. Until
this commit, the extension allowed websites to embed local PDF files on
non-local (e.g. http(s)) websites. This unintended feature is now
disabled, to align better with Chrome's existing security policies
(=local file:-URLs cannot be loaded in a tab unless explicitly allowed).
Rob Wu 10 years ago
parent
commit
2d6b15d0d9
  1. 8
      web/chromecom.js

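--- a/web/chromecom.js
+++ b/web/chromecom.js
@@ -113,6 +113,14 @@ var ChromeCom = (function ChromeComClosure() {
 });
 return;
 }
+if (/^file?:/.test(file)) {
+if (top !== window && !/^file:/i.test(location.ancestorOrigins[0])) {
+PDFViewerApplication.error('Blocked ' + location.ancestorOrigins[0] +
+' from loading ' + file + '. Refused to load a local file in a ' +
+' non-local page for security reasons.');
+return;
+}
+}
 PDFViewerApplication.open(file, 0);
 });
 };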
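Review bot: The outer guard `/^file?:/.test(file)` does not match what the inner check treats as a local URL: the `?` makes the `e` optional and, unlike `/^file:/i` on the following line, the test is case-sensitive, so a `file` value whose scheme is written in upper or mixed case would skip the whole block and still reach `PDFViewerApplication.open(file, 0)`. Whether `file` has been normalised before this point is not visible here, since the enclosing callback starts above the hunk, so I would make the two tests agree: `if (/^file:/i.test(file)) {`. As a minor point, the message joins `'in a '` with `' non-local page'`, which prints a double space.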
