bug 280056 prevent javascript: url dropping r=jst, sr=mkaply

2024-09-13 09:24:08 -07:00 · 2007-08-21 21:59:54 -07:00 · 2007-08-21 21:59:54 -07:00 · bc8e29d6c3
commit bc8e29d6c3
parent b4e30f1930
1 changed files with 4 additions and 2 deletions
--- a/browser/base/content/tabbrowser.xml
+++ b/browser/base/content/tabbrowser.xml
@ -1305,8 +1305,10 @@
          <![CDATA[
            var url = transferUtils.retrieveURLFromData(aXferData.data, aXferData.flavour.contentType);

-            // valid urls don't contain spaces ' '; if we have a space it isn't a valid url so bail out
-            if (!url || !url.length || url.indexOf(" ", 0) != -1)
+            // valid urls don't contain spaces ' '; if we have a space it isn't a valid url.
+            // Also disallow dropping javascript: or data: urls--bail out
+            if (!url || !url.length || url.indexOf(" ", 0) != -1 ||
+                /^\s*(javascript|data):/.test(url))
              return;

            var bgLoad = this.mPrefs.getBoolPref("browser.tabs.loadInBackground");