summaryrefslogtreecommitdiffstats
path: root/dom/events
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@wolfbeast.com>2019-06-08 07:48:28 +0000
committerwolfbeast <mcwerewolf@wolfbeast.com>2019-06-08 07:48:28 +0000
commitba9e648ce2705ad1c4679325a9326c47263e2a3e (patch)
tree724cf5101a1b5923c235dc767b355a7b0e906eb7 /dom/events
parentc8300fbd6ae08925736c32f8b02c980ce1531f3f (diff)
parent19c0f5e9ff625c6a67e5e0a08f0a800782168492 (diff)
downloadUXP-ba9e648ce2705ad1c4679325a9326c47263e2a3e.tar
UXP-ba9e648ce2705ad1c4679325a9326c47263e2a3e.tar.gz
UXP-ba9e648ce2705ad1c4679325a9326c47263e2a3e.tar.lz
UXP-ba9e648ce2705ad1c4679325a9326c47263e2a3e.tar.xz
UXP-ba9e648ce2705ad1c4679325a9326c47263e2a3e.zip
Merge branch 'master' into remove-unboxed
Diffstat (limited to 'dom/events')
-rw-r--r--dom/events/DataTransfer.cpp8
1 files changed, 8 insertions, 0 deletions
diff --git a/dom/events/DataTransfer.cpp b/dom/events/DataTransfer.cpp
index 40a0f42e6..35e80fea4 100644
--- a/dom/events/DataTransfer.cpp
+++ b/dom/events/DataTransfer.cpp
@@ -39,6 +39,7 @@
#include "mozilla/dom/OSFileSystem.h"
#include "mozilla/dom/Promise.h"
#include "nsNetUtil.h"
+#include "nsReadableUtils.h"
namespace mozilla {
namespace dom {
@@ -644,6 +645,13 @@ DataTransfer::PrincipalMaySetData(const nsAString& aType,
NS_WARNING("Disallowing adding x-moz-file or x-moz-file-promize types to DataTransfer");
return false;
}
+
+ // Disallow content from creating x-moz-place flavors, so that it cannot
+ // create fake Places smart queries exposing user data.
+ if (StringBeginsWith(aType, NS_LITERAL_STRING("text/x-moz-place"))) {
+ NS_WARNING("Disallowing adding moz-place types to DataTransfer");
+ return false;
+ }
}
return true;
}