Skip to content

Commit

Permalink
Add openBase64File postMessage support
Browse files Browse the repository at this point in the history
  • Loading branch information
williamchong committed Apr 22, 2024
1 parent 86bf813 commit 044525a
Showing 1 changed file with 20 additions and 0 deletions.
20 changes: 20 additions & 0 deletions web/app.js
Original file line number Diff line number Diff line change
Expand Up @@ -2008,6 +2008,7 @@ const PDFViewerApplication = {
window.addEventListener("click", webViewerClick);
window.addEventListener("keydown", webViewerKeyDown);
window.addEventListener("keyup", webViewerKeyUp);
window.addEventListener("message", webViewerPostMessage);
window.addEventListener("resize", _boundEvents.windowResize);
window.addEventListener("hashchange", _boundEvents.windowHashChange);
window.addEventListener("beforeprint", _boundEvents.windowBeforePrint);
Expand Down Expand Up @@ -2138,6 +2139,7 @@ const PDFViewerApplication = {
window.removeEventListener("click", webViewerClick);
window.removeEventListener("keydown", webViewerKeyDown);
window.removeEventListener("keyup", webViewerKeyUp);
window.removeEventListener("message", webViewerPostMessage);
window.removeEventListener("resize", _boundEvents.windowResize);
window.removeEventListener("hashchange", _boundEvents.windowHashChange);
window.removeEventListener("beforeprint", _boundEvents.windowBeforePrint);
Expand Down Expand Up @@ -3309,6 +3311,24 @@ function webViewerKeyDown(evt) {
}
}

function webViewerPostMessage(evt) {

Check warning

Code scanning / CodeQL

Missing origin verification in `postMessage` handler Medium

Postmessage handler has no origin check.
if (evt && evt.data && typeof evt.data === "string") {
try {
const { action, data } = JSON.parse(evt.data);
switch (action) {
case "openBase64File":
PDFViewerApplication.open({
data: atob(data.data),
originalUrl: data.name,
});
break;
}
} catch (ex) {
console.error(`webViewerPostMessage: ${ex}`);
}
}
}

function beforeUnload(evt) {
evt.preventDefault();
evt.returnValue = "";
Expand Down

0 comments on commit 044525a

Please sign in to comment.