summaryrefslogtreecommitdiffstats
path: root/dom
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@wolfbeast.com>2019-05-26 17:55:44 +0200
committerwolfbeast <mcwerewolf@wolfbeast.com>2019-05-27 14:32:22 +0200
commit94431935bc483b0a3ccf0ede011b51c2be6737f3 (patch)
tree5e015958221199644d0de0204746dc1f2a70a1ef /dom
parenta266cd86b52f13523db490e8c281511b7ced693b (diff)
downloadUXP-94431935bc483b0a3ccf0ede011b51c2be6737f3.tar
UXP-94431935bc483b0a3ccf0ede011b51c2be6737f3.tar.gz
UXP-94431935bc483b0a3ccf0ede011b51c2be6737f3.tar.lz
UXP-94431935bc483b0a3ccf0ede011b51c2be6737f3.tar.xz
UXP-94431935bc483b0a3ccf0ede011b51c2be6737f3.zip
[places] Prevent some abuse of smart queries.
Diffstat (limited to 'dom')
-rw-r--r--dom/events/DataTransfer.cpp8
1 files changed, 8 insertions, 0 deletions
diff --git a/dom/events/DataTransfer.cpp b/dom/events/DataTransfer.cpp
index 40a0f42e6..35e80fea4 100644
--- a/dom/events/DataTransfer.cpp
+++ b/dom/events/DataTransfer.cpp
@@ -39,6 +39,7 @@
#include "mozilla/dom/OSFileSystem.h"
#include "mozilla/dom/Promise.h"
#include "nsNetUtil.h"
+#include "nsReadableUtils.h"
namespace mozilla {
namespace dom {
@@ -644,6 +645,13 @@ DataTransfer::PrincipalMaySetData(const nsAString& aType,
NS_WARNING("Disallowing adding x-moz-file or x-moz-file-promize types to DataTransfer");
return false;
}
+
+ // Disallow content from creating x-moz-place flavors, so that it cannot
+ // create fake Places smart queries exposing user data.
+ if (StringBeginsWith(aType, NS_LITERAL_STRING("text/x-moz-place"))) {
+ NS_WARNING("Disallowing adding moz-place types to DataTransfer");
+ return false;
+ }
}
return true;
}