mirror of
https://github.com/zen-browser/pdf.js.git
synced 2025-07-09 09:45:42 +02:00
Merge pull request #6753 from yurydelendik/cdn-worker
Wraps worker script if its cross-origin location is detected.
This commit is contained in:
Brendan Dahl
commit
252b9d5910
2 changed files with 33 additions and 0 deletions
|
|
@ -293,6 +293,21 @@ function combineUrl(baseUrl, url) {
|
|||
return new URL(url, baseUrl).href;
|
||||
}
|
||||
|
||||
// Checks if URLs have the same origin. For non-HTTP based URLs, returns false.
|
||||
function isSameOrigin(baseUrl, otherUrl) {
|
||||
try {
|
||||
var base = new URL(baseUrl);
|
||||
if (!base.origin || base.origin === 'null') {
|
||||
return false; // non-HTTP url
|
||||
}
|
||||
} catch (e) {
|
||||
return false;
|
||||
}
|
||||
|
||||
var other = new URL(otherUrl, base);
|
||||
return base.origin === other.origin;
|
||||
}
|
||||
|
||||
// Validates if URL is safe and allowed, e.g. to avoid XSS.
|
||||
function isValidUrl(url, allowRelative) {
|
||||
if (!url) {
|
||||
|
|
@ -2349,6 +2364,7 @@ exports.isExternalLinkTargetSet = isExternalLinkTargetSet;
|
|||
exports.isInt = isInt;
|
||||
exports.isNum = isNum;
|
||||
exports.isString = isString;
|
||||
exports.isSameOrigin = isSameOrigin;
|
||||
exports.isValidUrl = isValidUrl;
|
||||
exports.addLinkAttributes = addLinkAttributes;
|
||||
exports.loadJpegStream = loadJpegStream;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue