Skip to content

Commit

Permalink
pdfjs security fix
Browse files Browse the repository at this point in the history
  • Loading branch information
edemaine committed Jul 10, 2024
1 parent 0e04fd4 commit 67329b9
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 1 deletion.
4 changes: 4 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,10 @@ To see every change with descriptions aimed at developers, see
As a continuously updated web app, Coauthor uses dates
instead of version numbers.

## 2024-07-10

* Security fix for pdfjs, fixing [vulnerability to malicious PDF](https://github.com/advisories/GHSA-wgrm-67xf-hhpq)

## 2023-12-21

* You can now select and copy text from PDFs.
Expand Down
4 changes: 3 additions & 1 deletion client/MessagePDF.coffee
Original file line number Diff line number Diff line change
Expand Up @@ -81,7 +81,9 @@ WrappedMessagePDF = React.memo ({file}) ->
unless fileData?
return setProgress 0
size = fileData.length
loader = pdfjs.getDocument urlToInternalFile file
loader = pdfjs.getDocument
url: urlToInternalFile file
isEvalSupported: false
loader.onProgress = (data) ->
setProgress Math.round 100 * data.loaded / size
loader.promise.then (pdfLoaded) ->
Expand Down

0 comments on commit 67329b9

Please sign in to comment.