
Commit 71ad2db

Merge commit from fork
* fix * fix * add regression tests and revert dist changes * prettier --------- Co-authored-by: Lukas Holländer <lukas.hollaender@yworks.com>
1 parent 885a777 commit 71ad2db

2 files changed

Lines changed: 42 additions & 3 deletions


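--- a/src/modules/acroform.js
+++ b/src/modules/acroform.js
@@ -2143,7 +2143,11 @@ var AcroFormButton = function() {
 return _AS;
 },
 set: function(value) {
-_AS = value;
+var name = value === undefined || value === null ? "" : value.toString();
+if (name.substr(0, 1) === "/") {
+name = name.substr(1);
+}
+_AS = "/" + pdfEscapeName(name);
 }
 });
 
@@ -2296,7 +2300,11 @@ var AcroFormChildClass = function() {
 return _AS;
 },
 set: function(value) {
-_AS = value;
+var name = value === undefined || value === null ? "" : value.toString();
+if (name.substr(0, 1) === "/") {
+name = name.substr(1);
+}
+_AS = "/" + pdfEscapeName(name);
 }
 });
 
@@ -2313,7 +2321,11 @@ var AcroFormChildClass = function() {
 return _AS.substr(1, _AS.length - 1);
 },
 set: function(value) {
-_AS = "/" + value;
+var name = value === undefined || value === null ? "" : value.toString();
+if (name.substr(0, 1) === "/") {
+name = name.substr(1);
+}
+_AS = "/" + pdfEscapeName(name);
 }
 });
 this.caption = "l";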
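Review bot: The five-line normalisation (null check, strip one leading "/", pdfEscapeName) is pasted verbatim into three setters (AcroFormButton.AS, AcroFormChildClass.AS and AcroFormChildClass.appearanceState), so any later correction to the escaping has to land in three places; extract it into one module-level helper and reduce each setter to `_AS = toAppearanceStateName(value);`. The appearanceState getter in the third hunk returns `_AS.substr(1)`, i.e. the escaped form, so a value containing characters that pdfEscapeName rewrites no longer round-trips through the property — worth a comment on the getter such as `// returns the PDF-escaped name, not the raw value that was assigned`. pdfEscapeName's definition is outside the hunk; the fix is only complete if it escapes whitespace and every PDF name delimiter (`<`, `>`, `(`, `)`, `[`, `]`, `{`, `}`, `%`) and not just `/`, since a bare space already terminates a name object and lets the rest of the value be parsed as further tokens. All three enclosing property definitions start outside the hunk.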

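--- a/test/specs/acroform.spec.js
+++ b/test/specs/acroform.spec.js
@@ -1162,5 +1162,32 @@ describe("Module: Acroform Integration Test", function() {
 expect(output).not.toContain("/AA <<");
 expect(output).toContain("#2FAA");
 });
+it("escapes malicious input in CheckBox AS", function() {
+var doc = new jsPDF();
+var field = new doc.AcroFormCheckBox();
+field.x = 10; field.y = 10; field.width = 20; field.height = 10;
+doc.addField(field);
+
+field.AS = "/Off /AA << /E << /S /JavaScript /JS (app.alert(1)) >> >>";
+
+var output = doc.output();
+expect(output).not.toContain("/AA << /E << /S /JavaScript");
+expect(field.AS).toContain("#2FAA");
+});
+
+it("escapes malicious input in RadioButton child appearanceState", function() {
+var doc = new jsPDF();
+var group = new doc.AcroFormRadioButton();
+group.x = 10; group.y = 10; group.width = 20; group.height = 10;
+doc.addField(group);
+
+var child = group.createOption("opt1");
+child.x = 10; child.y = 10; child.width = 20; child.height = 10;
+child.appearanceState = "Off /AA << /E << /S /JavaScript /JS (app.alert(1)) >> >>";
+
+var output = doc.output();
+expect(output).not.toContain("/AA << /E << /S /JavaScript");
+expect(child.AS).toContain("#2FAA");
+});
 });
 });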
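Review bot: Both new tests only assert that the literal `/AA << /E << /S /JavaScript` is absent and that `#2FAA` is present, which an escaper that rewrote only `/` would already satisfy, so they do not prove that the spaces and `<<`/`>>` in the payload are escaped too. Add a positive check on the serialized name, e.g. `expect(field.AS).toMatch(/^\/[^\s<>()\[\]{}\/%]*$/);` (and the same on `child.AS`), so a name object that a space or delimiter could terminate fails the test. It would also be worth asserting that `output` still contains a well-formed `/AS /` entry for the widget, so the escaping cannot silently drop the appearance state. The enclosing describe block starts outside the hunk.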
