summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMoonchild <mcwerewolf@gmail.com>2018-10-10 06:36:11 +0200
committerGitHub <noreply@github.com>2018-10-10 06:36:11 +0200
commit237f05bcdc3e5e1316b5454a43ffaecd4ff12577 (patch)
treebd0a4b35ccff50c674136b384db18b084317327f
parentbea97848f457fa0b6df515bdf5d2db06fa43c5b8 (diff)
parent791e7540d3a4208b0182f5cc6f26485f62e1594b (diff)
downloadUXP-237f05bcdc3e5e1316b5454a43ffaecd4ff12577.tar
UXP-237f05bcdc3e5e1316b5454a43ffaecd4ff12577.tar.gz
UXP-237f05bcdc3e5e1316b5454a43ffaecd4ff12577.tar.lz
UXP-237f05bcdc3e5e1316b5454a43ffaecd4ff12577.tar.xz
UXP-237f05bcdc3e5e1316b5454a43ffaecd4ff12577.zip
Merge pull request #828 from g4jc/outlook_cve
Fix unwanted navigation from D&D of an Outlook mail message.
-rw-r--r--docshell/base/nsDefaultURIFixup.cpp29
-rw-r--r--docshell/test/unit/test_nsDefaultURIFixup_info.js8
2 files changed, 29 insertions, 8 deletions
diff --git a/docshell/base/nsDefaultURIFixup.cpp b/docshell/base/nsDefaultURIFixup.cpp
index e519720ab..d2876181a 100644
--- a/docshell/base/nsDefaultURIFixup.cpp
+++ b/docshell/base/nsDefaultURIFixup.cpp
@@ -154,6 +154,15 @@ HasUserPassword(const nsACString& aStringURI)
return false;
}
+// Assume that 1 tab is accidental, but more than 1 implies this is
+// supposed to be tab-separated content.
+static bool
+MaybeTabSeparatedContent(const nsCString& aStringURI)
+{
+ auto firstTab = aStringURI.FindChar('\t');
+ return firstTab != kNotFound && aStringURI.RFindChar('\t') != firstTab;
+}
+
NS_IMETHODIMP
nsDefaultURIFixup::GetFixupURIInfo(const nsACString& aStringURI,
uint32_t aFixupFlags,
@@ -168,8 +177,8 @@ nsDefaultURIFixup::GetFixupURIInfo(const nsACString& aStringURI,
// Eliminate embedded newlines, which single-line text fields now allow:
uriString.StripChars("\r\n");
- // Cleanup the empty spaces that might be on each end:
- uriString.Trim(" ");
+ // Cleanup the empty spaces and tabs that might be on each end:
+ uriString.Trim(" \t");
NS_ENSURE_TRUE(!uriString.IsEmpty(), NS_ERROR_FAILURE);
@@ -367,12 +376,16 @@ nsDefaultURIFixup::GetFixupURIInfo(const nsACString& aStringURI,
inputHadDuffProtocol = true;
}
- // NB: this rv gets returned at the end of this method if we never
- // do a keyword fixup after this (because the pref or the flags passed
- // might not let us).
- rv = FixupURIProtocol(uriString, info, getter_AddRefs(uriWithProtocol));
- if (uriWithProtocol) {
- info->mFixedURI = uriWithProtocol;
+ // Note: this rv gets returned at the end of this method if we don't fix up
+ // the protocol and don't do a keyword fixup after this (because the pref
+ // or the flags passed might not let us).
+ rv = NS_OK;
+ // Avoid fixing up content that looks like tab-separated values
+ if (!MaybeTabSeparatedContent(uriString)) {
+ rv = FixupURIProtocol(uriString, info, getter_AddRefs(uriWithProtocol));
+ if (uriWithProtocol) {
+ info->mFixedURI = uriWithProtocol;
+ }
}
// See if it is a keyword
diff --git a/docshell/test/unit/test_nsDefaultURIFixup_info.js b/docshell/test/unit/test_nsDefaultURIFixup_info.js
index c606ac32e..748aaab93 100644
--- a/docshell/test/unit/test_nsDefaultURIFixup_info.js
+++ b/docshell/test/unit/test_nsDefaultURIFixup_info.js
@@ -469,6 +469,14 @@ var testcases = [ {
keywordLookup: true,
protocolChange: true,
affectedByDNSForSingleHosts: true,
+ }, {
+ input: " \t mozilla.org/\t \t ",
+ fixedURI: "http://mozilla.org/",
+ alternateURI: "http://www.mozilla.org/",
+ protocolChange: true,
+ }, {
+ input: " moz\ti\tlla.org ",
+ keywordLookup: true,
}];
if (Services.appinfo.OS.toLowerCase().startsWith("win")) {