Thread: Bug Fix 1857800
Old 01-08-2020, 04:18 AM   #4
kovidgoyal
creator of calibre
Posts: 45,435
Karma: 27757438
Join Date: Oct 2006
Location: Mumbai, India
Device: Various
The problem was in lxml (https://bugs.launchpad.net/lxml/+bug/1742885), which calibre uses to parse EPUB files. It allows injection of arbitrary file content into the parsed EPUB. The parsed EPUB in turn can have JavaScript which is run in the viewer (in a sandbox), and that JavaScript can access the parsed content despite being sandboxed because it is part of the parsed book contents.