From a913fbb841b1a88e1b04a2a91bb76d9a11c2da8c Mon Sep 17 00:00:00 2001
From: Bruno Windels <274386+bwindels@users.noreply.github.com>
Date: Thu, 6 Apr 2023 15:20:03 +0200
Subject: [PATCH] Merge pull request #1073 from
 vector-im/bwindels/export-blobhandle-sdk

export BlobHandle and add method to create handle from buffer
---
 src/lib.ts                         |  1 +
 src/platform/web/dom/BlobHandle.js | 11 +++++++++++
 2 files changed, 12 insertions(+)

diff --git a/src/lib.ts b/src/lib.ts
index c7a1cd321d..238fd85afa 100644
--- a/src/lib.ts
+++ b/src/lib.ts
@@ -21,6 +21,7 @@ export {ConsoleReporter} from "./logging/ConsoleReporter";
 export {Platform} from "./platform/web/Platform.js";
 export {FeatureSet, FeatureFlag} from "./features.js";
 export {Client, LoadStatus, LoginFailure} from "./matrix/Client.js";
+export {BlobHandle} from "./platform/web/dom/BlobHandle";
 export {RoomStatus} from "./matrix/room/common";
 export {AttachmentUpload} from "./matrix/room/AttachmentUpload";
 export {CallIntent} from "./matrix/calls/callEventTypes";
diff --git a/src/platform/web/dom/BlobHandle.js b/src/platform/web/dom/BlobHandle.js
index 32dd94c0e2..932fa53c5c 100644
--- a/src/platform/web/dom/BlobHandle.js
+++ b/src/platform/web/dom/BlobHandle.js
@@ -74,12 +74,23 @@ const ALLOWED_BLOB_MIMETYPES = {
 const DEFAULT_MIMETYPE = 'application/octet-stream';
 
 export class BlobHandle {
+    /** 
+     * @internal
+     * Don't use the constructor directly, instead use fromBuffer, fromBlob or fromBufferUnsafe
+     * */
     constructor(blob, buffer = null) {
         this._blob = blob;
         this._buffer = buffer;
         this._url = null;
     }
 
+    /** Does not filter out mimetypes that could execute embedded javascript.
+     * It's up to the callee of this method to ensure that the blob won't be
+     * rendered by the browser in a way that could allow cross-signing scripting. */
+    static fromBufferUnsafe(buffer, mimetype) {
+        return new BlobHandle(new Blob([buffer], {type: mimetype}), buffer);
+    }
+
     static fromBuffer(buffer, mimetype) {
         mimetype = mimetype ? mimetype.split(";")[0].trim() : '';
         if (!ALLOWED_BLOB_MIMETYPES[mimetype]) {