Use data:// URI rather than blob: URI to avoid XSS

Mark Haines 2016-11-04 15:39:39 +00:00
parent 6ea0085290
commit 8f778f54fd
5 changed files with 37 additions and 59 deletions


@ -22,6 +22,26 @@ var encrypt = require("browser-encrypt-attachment");
require("isomorphic-fetch");
// Grab the client so that we can turn mxc:// URLs into https:// URLS.
var MatrixClientPeg = require('../MatrixClientPeg');
var q = require('q');
/**
* Read blob as a data:// URI.
* @return {Promise} A promise that resolves with the data:// URI.
*/
function readBlobAsDataUri(file) {
var deferred = q.defer();
var reader = new FileReader();
reader.onload = function(e) {
deferred.resolve(e.target.result);
};
reader.onerror = function(e) {
deferred.reject(e);
};
reader.readAsDataURL(file);
return deferred.promise;
}
export function decryptFile(file) {
@ -37,6 +57,6 @@ export function decryptFile(file) {
}).then(function(dataArray) {
// Turn the array into a Blob and give it the correct MIME-type.
var blob = new Blob([dataArray], {type: file.mimetype});
return blob;
return readBlobAsDataUri(blob);
});
}
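Review bot: The Blob on the `var blob = new Blob([dataArray], {type: file.mimetype});` line is still typed from `file.mimetype`, and that type is now carried into the data: URI that `decryptFile` resolves with. If that field comes from the sender of the attachment (not visible in this hunk, so to be confirmed where `decryptFile` begins), a type such as `text/html` or `image/svg+xml` yields an active document, and whether it runs isolated from the app's origin depends on the browser's data: URL handling and on how the caller embeds the URI. I would constrain the type before building the Blob, for example `var type = allowedTypes.indexOf(file.mimetype) !== -1 ? file.mimetype : 'application/octet-stream';`, where `allowedTypes` is an allowlist array to be defined in this module (the name is constructed here). The doc comment on `readBlobAsDataUri` should also say that the returned URI embeds the Blob's declared type and must only be used in sandboxed or non-scripting contexts. Separately, `reader.onerror` rejects with the event object rather than `reader.error`, which leaves callers without a usable error.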