Restrict font loads to known MIME types.

This commit is contained in:
Josh Matthews 2015-10-25 11:46:33 -04:00
parent 1e81b8c133
commit e17e553f04
6 changed files with 39 additions and 2 deletions

View file

@ -5,6 +5,7 @@
use font_template::{FontTemplate, FontTemplateDescriptor};
use ipc_channel::ipc::{self, IpcReceiver, IpcSender};
use ipc_channel::router::ROUTER;
use mime::{TopLevel, SubLevel};
use net_traits::{AsyncResponseTarget, LoadContext, PendingAsyncLoad, ResourceTask, ResponseAction};
use platform::font_context::FontContextHandle;
use platform::font_list::for_each_available_family;
@ -168,15 +169,31 @@ impl FontCache {
let channel_to_self = self.channel_to_self.clone();
let url = (*url).clone();
let bytes = Mutex::new(Vec::new());
let response_valid = Mutex::new(false);
ROUTER.add_route(data_receiver.to_opaque(), box move |message| {
let response: ResponseAction = message.to().unwrap();
match response {
ResponseAction::HeadersAvailable(_) |
ResponseAction::HeadersAvailable(metadata) => {
let is_response_valid =
metadata.content_type.as_ref().map_or(false, |content_type| {
let mime = &content_type.0;
is_supported_font_type(&mime.0, &mime.1)
});
info!("{} font with MIME type {:?}",
if is_response_valid { "Loading" } else { "Ignoring" },
metadata.content_type);
*response_valid.lock().unwrap() = is_response_valid;
}
ResponseAction::ResponseComplete(Err(_)) => {}
ResponseAction::DataAvailable(new_bytes) => {
bytes.lock().unwrap().extend(new_bytes.into_iter())
if *response_valid.lock().unwrap() {
bytes.lock().unwrap().extend(new_bytes.into_iter())
}
}
ResponseAction::ResponseComplete(Ok(_)) => {
if !*response_valid.lock().unwrap() {
return;
}
let mut bytes = bytes.lock().unwrap();
let bytes = mem::replace(&mut *bytes, Vec::new());
let command =
@ -369,3 +386,18 @@ impl FontCacheTask {
response_port.recv().unwrap();
}
}
// derived from http://stackoverflow.com/a/10864297/3830
fn is_supported_font_type(toplevel: &TopLevel, sublevel: &SubLevel) -> bool {
match (toplevel, sublevel) {
(&TopLevel::Application, &SubLevel::Ext(ref ext)) => {
match &ext[..] {
//FIXME: once sniffing is enabled by default, we shouldn't need nonstandard
// MIME types here.
"font-sfnt" | "x-font-ttf" | "x-font-truetype" | "x-font-opentype" => true,
_ => false,
}
}
_ => false,
}
}