    rsvg_defs_lookup(): Do not allow looking up extern references · 3559b3e6
    Federico Mena Quintero authored
    This function gets called directly from the public API, and a calling
    application should not be allowed to look up an element with a name
    like "some-random-file#element_id", that is, the app should not be
    able to cause files to be read if they are not within the set of
    resources that the SVG actually references.
    
    The test is robust (only fragment IDs without a URL are allowed), but
    will inadvertently print a g_warning if someone runs rsvg-convert like
    
        rsvg-convert -i 'foo#bar' -o x.png x.svg
    
    We may be able to get rid of that g_warning once the public API is
    implemented in Rust, so it can have access to the URL parsing machinery.
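
The check the commit message describes (only fragment IDs without a URL are allowed), as an added sketch that is not librsvg's own code. The names `Reference`, `LookupError`, `parse_reference` and `lookup_public` are hypothetical, the split at the first `#` is a simplifying assumption in place of real URL parsing, and the sample ids are constructed.

```rust
use std::collections::HashMap;

/// How a caller-supplied name splits at the first '#'.
#[derive(Debug, PartialEq)]
enum Reference<'a> {
    PlainUri(&'a str),
    FragmentId(&'a str),
    UriWithFragmentId(&'a str, &'a str),
}

#[derive(Debug, PartialEq)]
enum LookupError {
    Empty,
    ExternalReference,
    NotFound,
}

/// Simplified classification (assumption): no real URL parsing is done here.
fn parse_reference(s: &str) -> Result<Reference<'_>, LookupError> {
    match s.split_once('#') {
        None if s.is_empty() => Err(LookupError::Empty),
        Some(("", "")) => Err(LookupError::Empty),
        None => Ok(Reference::PlainUri(s)),
        Some((uri, "")) => Ok(Reference::PlainUri(uri)),
        Some(("", id)) => Ok(Reference::FragmentId(id)),
        Some((uri, id)) => Ok(Reference::UriWithFragmentId(uri, id)),
    }
}

/// Lookup for names that come from the application: only "#id" is resolved.
/// Anything with a URL part is refused before any file could be opened.
fn lookup_public(
    defs: &HashMap<&'static str, &'static str>,
    name: &str,
) -> Result<&'static str, LookupError> {
    match parse_reference(name)? {
        Reference::FragmentId(id) => defs.get(id).copied().ok_or(LookupError::NotFound),
        Reference::PlainUri(_) | Reference::UriWithFragmentId(..) => {
            Err(LookupError::ExternalReference)
        }
    }
}

fn main() {
    // Constructed sample data: element ids defined inside the loaded SVG.
    let defs = HashMap::from([("layer1", "g"), ("logo", "path")]);
    for name in ["#layer1", "some-random-file#element_id", "other.svg", "#missing"] {
        println!("{:<30} -> {:?}", name, lookup_public(&defs, name));
    }
}
```
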
Name
doc
gdk-pixbuf-loader
librsvg
m4
rsvg_internals
tests
tools
win32
.gitignore
.gitlab-ci.yml
.rustfmt.toml
ARCHITECTURE.md
AUTHORS
COMPILING.md
CONTRIBUTING.md
COPYING
COPYING.LIB
Cargo.lock
Cargo.toml
ChangeLog.old
INSTALL
MAINTAINERS
Makefile.am
NEWS
README.md
Rsvg-2.0-custom.vala
Rsvg-2.0.metadata
acinclude.m4
appveyor.yml
autogen.sh
cargo-vendor-config
code-of-conduct.md
config.h.win32.in
configure.ac
glib-tap.mk
librsvg-uninstalled.pc.in
librsvg-zip.in
librsvg.doap
librsvg.pc.in
rsvg-convert.1
rsvg-convert.c
rsvg-view.c
rsvg.symbols
tap-driver.sh
tap-test