summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@gmail.com>2018-02-05 13:07:58 +0100
committerwolfbeast <mcwerewolf@gmail.com>2018-02-05 13:07:58 +0100
commite021cb5c71464de14aa332ec013501e9a37038f7 (patch)
treeaf8f63ea32effe141297a835af67435b989c671c
parent2d652d1c355c8bdde03a6c278b5b7b444424e394 (diff)
downloadUXP-e021cb5c71464de14aa332ec013501e9a37038f7.tar
UXP-e021cb5c71464de14aa332ec013501e9a37038f7.tar.gz
UXP-e021cb5c71464de14aa332ec013501e9a37038f7.tar.lz
UXP-e021cb5c71464de14aa332ec013501e9a37038f7.tar.xz
UXP-e021cb5c71464de14aa332ec013501e9a37038f7.zip
Avoid drag-and-drop of javascript: URIs
-rwxr-xr-xbrowser/base/content/browser.js2
-rw-r--r--browser/base/content/urlbarBindings.xml53
2 files changed, 34 insertions, 21 deletions
diff --git a/browser/base/content/browser.js b/browser/base/content/browser.js
index 7aaaa09aa..5a54dcc58 100755
--- a/browser/base/content/browser.js
+++ b/browser/base/content/browser.js
@@ -5688,7 +5688,7 @@ function middleMousePaste(event) {
function stripUnsafeProtocolOnPaste(pasteData) {
// Don't allow pasting javascript URIs since we don't support
// LOAD_FLAGS_DISALLOW_INHERIT_PRINCIPAL for those.
- return pasteData.replace(/^(?:\s*javascript:)+/i, "");
+ return pasteData.replace(/\r?\n/g, "").replace(/^(?:\s*javascript:)+/i, "");
}
// handleDroppedLink has the following 2 overloads:
diff --git a/browser/base/content/urlbarBindings.xml b/browser/base/content/urlbarBindings.xml
index 84ed693ff..689c7c5a7 100644
--- a/browser/base/content/urlbarBindings.xml
+++ b/browser/base/content/urlbarBindings.xml
@@ -701,38 +701,51 @@ file, You can obtain one at http://mozilla.org/MPL/2.0/.
]]></body>
</method>
- <method name="onDragOver">
- <parameter name="aEvent"/>
- <body>
- var types = aEvent.dataTransfer.types;
- if (types.includes("application/x-moz-file") ||
- types.includes("text/x-moz-url") ||
- types.includes("text/uri-list") ||
- types.includes("text/unicode"))
- aEvent.preventDefault();
- </body>
- </method>
-
- <method name="onDrop">
+ <method name="_getDroppableLink">
<parameter name="aEvent"/>
<body><![CDATA[
let links = browserDragAndDrop.dropLinks(aEvent);
-
// The URL bar automatically handles inputs with newline characters,
// so we can get away with treating text/x-moz-url flavours as text/plain.
if (links.length > 0 && links[0].url) {
- let url = links[0].url;
aEvent.preventDefault();
- this.value = url;
- SetPageProxyState("invalid");
- this.focus();
+ let url = links[0].url;
+ let strippedURL = stripUnsafeProtocolOnPaste(url);
+ if (strippedURL != url) {
+ aEvent.stopImmediatePropagation();
+ return null;
+ }
try {
urlSecurityCheck(url,
gBrowser.contentPrincipal,
Ci.nsIScriptSecurityManager.DISALLOW_INHERIT_PRINCIPAL);
} catch (ex) {
- return;
+ return null;
}
+ return url;
+ }
+ return null;
+ ]]></body>
+ </method>
+
+ <method name="onDragOver">
+ <parameter name="aEvent"/>
+ <body><![CDATA[
+ // We don't need the link here, so we ignore the return value.
+ if (!this._getDroppableLink(aEvent)) {
+ aEvent.dataTransfer.dropEffect = "none";
+ }
+ ]]></body>
+ </method>
+
+ <method name="onDrop">
+ <parameter name="aEvent"/>
+ <body><![CDATA[
+ let url = this._getDroppableLink(aEvent);
+ if (url) {
+ this.value = url;
+ SetPageProxyState("invalid");
+ this.focus();
this.handleCommand();
// Force not showing the dropped URI immediately.
gBrowser.userTypedValue = null;
@@ -932,7 +945,7 @@ file, You can obtain one at http://mozilla.org/MPL/2.0/.
// Unfortunately we're not allowed to set the bits being pasted
// so cancel this event:
aEvent.preventDefault();
- aEvent.stopPropagation();
+ aEvent.stopImmediatePropagation();
this.inputField.value = oldStart + pasteData + oldEnd;
// Fix up cursor/selection: