mirror of
https://github.com/vector-im/hydrogen-web.git
synced 2024-11-20 03:25:52 +01:00
Merge pull request #1074 from vector-im/bwindels/expose-create-blob-method-without-filter
expose method on BlobHandle to create a handle without mimetype filtering
This commit is contained in:
commit
a87edcf99e
@ -300,7 +300,8 @@ export class Platform {
|
|||||||
const file = input.files[0];
|
const file = input.files[0];
|
||||||
this._container.removeChild(input);
|
this._container.removeChild(input);
|
||||||
if (file) {
|
if (file) {
|
||||||
resolve({name: file.name, blob: BlobHandle.fromBlob(file)});
|
// ok to not filter mimetypes as these are local files
|
||||||
|
resolve({name: file.name, blob: BlobHandle.fromBlobUnsafe(file)});
|
||||||
} else {
|
} else {
|
||||||
resolve();
|
resolve();
|
||||||
}
|
}
|
||||||
|
@ -76,7 +76,7 @@ const DEFAULT_MIMETYPE = 'application/octet-stream';
|
|||||||
export class BlobHandle {
|
export class BlobHandle {
|
||||||
/**
|
/**
|
||||||
* @internal
|
* @internal
|
||||||
* Don't use the constructor directly, instead use fromBuffer, fromBlob or fromBufferUnsafe
|
* Don't use the constructor directly, instead use fromBuffer or fromBlobUnsafe
|
||||||
* */
|
* */
|
||||||
constructor(blob, buffer = null) {
|
constructor(blob, buffer = null) {
|
||||||
this._blob = blob;
|
this._blob = blob;
|
||||||
@ -84,13 +84,6 @@ export class BlobHandle {
|
|||||||
this._url = null;
|
this._url = null;
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Does not filter out mimetypes that could execute embedded javascript.
|
|
||||||
* It's up to the callee of this method to ensure that the blob won't be
|
|
||||||
* rendered by the browser in a way that could allow cross-signing scripting. */
|
|
||||||
static fromBufferUnsafe(buffer, mimetype) {
|
|
||||||
return new BlobHandle(new Blob([buffer], {type: mimetype}), buffer);
|
|
||||||
}
|
|
||||||
|
|
||||||
static fromBuffer(buffer, mimetype) {
|
static fromBuffer(buffer, mimetype) {
|
||||||
mimetype = mimetype ? mimetype.split(";")[0].trim() : '';
|
mimetype = mimetype ? mimetype.split(";")[0].trim() : '';
|
||||||
if (!ALLOWED_BLOB_MIMETYPES[mimetype]) {
|
if (!ALLOWED_BLOB_MIMETYPES[mimetype]) {
|
||||||
@ -99,8 +92,10 @@ export class BlobHandle {
|
|||||||
return new BlobHandle(new Blob([buffer], {type: mimetype}), buffer);
|
return new BlobHandle(new Blob([buffer], {type: mimetype}), buffer);
|
||||||
}
|
}
|
||||||
|
|
||||||
static fromBlob(blob) {
|
/** Does not filter out mimetypes that could execute embedded javascript.
|
||||||
// ok to not filter mimetypes as these are local files
|
* It's up to the callee of this method to ensure that the blob won't be
|
||||||
|
* rendered by the browser in a way that could allow cross-signing scripting. */
|
||||||
|
static fromBlobUnsafe(blob) {
|
||||||
return new BlobHandle(blob);
|
return new BlobHandle(blob);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -64,7 +64,8 @@ export class ImageHandle {
|
|||||||
} else {
|
} else {
|
||||||
throw new Error("canvas can't be turned into blob");
|
throw new Error("canvas can't be turned into blob");
|
||||||
}
|
}
|
||||||
const blob = BlobHandle.fromBlob(nativeBlob);
|
// unsafe is ok because it's a jpeg or png image
|
||||||
|
const blob = BlobHandle.fromBlobUnsafe(nativeBlob);
|
||||||
return new ImageHandle(blob, scaledWidth, scaledHeight, null);
|
return new ImageHandle(blob, scaledWidth, scaledHeight, null);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user