Skip to content

G
gitlab-ce
Commit 02dcecdb authored by GitLab Release Tools Bot's avatar GitLab Release Tools Bot
Browse files
Options

Merge branch 'security-55503-fix-pdf-js-vulnerability' into 'master' 

Fix PDF.js vulnerability

See merge request gitlab/gitlabhq!2999
parents 3098259e f0285c2b
Expand all Hide whitespace changes
Inline Side-by-side
Showing with 64846 additions and 46145 deletions
app/assets/javascripts/pdf/index.vue
View file @ 02dcecdb
......@@ -28,7 +28,7 @@ export default {
},
watch: { pdf: 'load' },
mounted() {
pdfjsLib.PDFJS.workerSrc = workerSrc;
pdfjsLib.GlobalWorkerOptions.workerSrc = workerSrc;
if (this.hasPDF) this.load();
},
methods: {
......
changelogs/unreleased/security-55503-fix-pdf-js-vulnerability.yml 0 → 100644
View file @ 02dcecdb
---
title: Fix PDF.js vulnerability
merge_request:
author:
type: security
spec/javascripts/pdf/index_spec.js
View file @ 02dcecdb
import Vue from 'vue';
import { PDFJS } from 'vendor/pdf';
import { GlobalWorkerOptions } from 'vendor/pdf';
import workerSrc from 'vendor/pdf.worker.min';
import PDFLab from '~/pdf/index.vue';
import pdf from '../fixtures/blob/pdf/test.pdf';
PDFJS.workerSrc = workerSrc;
GlobalWorkerOptions.workerSrc = workerSrc;
const Component = Vue.extend(PDFLab);
describe('PDF component', () => {
......
spec/javascripts/pdf/page_spec.js
View file @ 02dcecdb
......@@ -12,7 +12,7 @@ describe('Page component', () => {
let testPage;
beforeEach(done => {
pdfjsLib.PDFJS.workerSrc = workerSrc;
pdfjsLib.GlobalWorkerOptions.workerSrc = workerSrc;
pdfjsLib
.getDocument(testPDF)
.then(pdf => pdf.getPage(1))
......
vendor/assets/javascripts/pdf.js 100755 → 100644
View file @ 02dcecdb
This diff is collapsed.
vendor/assets/javascripts/pdf.min.js 100755 → 100644
View file @ 02dcecdb
This source diff could not be displayed because it is too large. You can view the blob instead.
vendor/assets/javascripts/pdf.worker.js 100755 → 100644
View file @ 02dcecdb
This diff is collapsed.
vendor/assets/javascripts/pdf.worker.min.js 100755 → 100644
View file @ 02dcecdb
This diff is collapsed.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7