From 6b3862f34a62dd318836e701a96ab819a3d4ebb7 Mon Sep 17 00:00:00 2001
From: Michael Nutt
Date: Wed, 23 Nov 2022 19:56:03 -0500
Subject: [PATCH] fix: ensure font serving does not reflect userdata-derived errors as HTML

Signed-off-by: Michael Nutt
---
 src/serve_data.js | 5 ++++-
 src/serve_font.js | 2 +-
 src/serve_rendered.js | 5 ++++-
 3 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/src/serve_data.js b/src/serve_data.js
index 1c8a70b..e3cb6ca 100644
--- a/src/serve_data.js
+++ b/src/serve_data.js
@@ -54,7 +54,10 @@ export const serve_data = {
 if (/does not exist/.test(err.message)) {
 return res.status(204).send();
 } else {
- return res.status(500).send(err.message);
+ return res
+ .status(500)
+ .header('Content-Type', 'text/plain')
+ .send(err.message);
 }
 } else {
 if (data == null) {
diff --git a/src/serve_font.js b/src/serve_font.js
index 1c63f01..f03d8f5 100644
--- a/src/serve_font.js
+++ b/src/serve_font.js
@@ -54,7 +54,7 @@ export const serve_font = (options, allowedFonts) => {
 res.header('Last-Modified', lastModified);
 return res.send(concated);
 },
- (err) => res.status(400).send(err),
+ (err) => res.status(400).header('Content-Type', 'text/plain').send(err),
 );
 });

diff --git a/src/serve_rendered.js b/src/serve_rendered.js
index c63cd2f..53cd5d2 100644
--- a/src/serve_rendered.js
+++ b/src/serve_rendered.js
@@ -661,7 +661,10 @@ export const serve_rendered = {
 pool.release(renderer);
 if (err) {
 console.error(err);
- return res.status(500).send(err);
+ return res
+ .status(500)
+ .header('Content-Type', 'text/plain')
+ .send(err);
 }

 // Fix semi-transparent outlines on raw, premultiplied input
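Review bot: The `text/plain` header added on the 500 path in src/serve_data.js only helps if the client honours the declared type; nothing in the hunk sets `X-Content-Type-Options: nosniff`, so a legacy browser that content-sniffs could still treat the echoed `err.message` as markup. Consider adding `.header('X-Content-Type-Options', 'nosniff')` to the chain, or setting it once in shared middleware if the app has a suitable place (not visible here). The same gap applies to the 400 handler in src/serve_font.js and the 500 handler in src/serve_rendered.js. The enclosing handler starts and ends outside the hunk.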
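Review bot: The 400 handler in src/serve_font.js still returns the rejection value `err` verbatim, and per the commit subject that value is derived from request data, so the fix rests entirely on the response header. Sending a constant body, e.g. `.send('Font not available')`, and logging the detail server-side would remove the reflection rather than neutralise it; whether any client depends on the current text is not visible here. The diffstat shows no test change, so a regression test asserting that this 400 response's Content-Type starts with `text/plain` would be worth adding. The route handler begins above the hunk.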
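Review bot: `.send(err)` in the src/serve_rendered.js callback passes on whatever the renderer reported, presumably an Error object since the same value goes to `console.error`; Express JSON-serialises non-Buffer objects given to `send`, so the body would typically be `{}` while the header now declares `text/plain`. Because the error is already logged on the line above, a fixed string such as `.send('Render error')` would be clearer and avoids exposing renderer internals to the client; `String(err.message)` is the alternative if the detail must be kept. The callback's body continues outside the hunk, so the actual type of `err` should be confirmed there.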