Avoid drag-and-drop of javascript: URIs

author: wolfbeast <mcwerewolf@gmail.com> 2018-02-05 13:07:58 +0100
committer: wolfbeast <mcwerewolf@gmail.com> 2018-02-05 13:07:58 +0100
commit: e021cb5c71464de14aa332ec013501e9a37038f7 (patch)
tree: af8f63ea32effe141297a835af67435b989c671c /browser/base/content/browser.js
parent: 2d652d1c355c8bdde03a6c278b5b7b444424e394 (diff)
download: UXP-e021cb5c71464de14aa332ec013501e9a37038f7.tar
UXP-e021cb5c71464de14aa332ec013501e9a37038f7.tar.gz
UXP-e021cb5c71464de14aa332ec013501e9a37038f7.tar.lz
UXP-e021cb5c71464de14aa332ec013501e9a37038f7.tar.xz
UXP-e021cb5c71464de14aa332ec013501e9a37038f7.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/browser/base/content/browser.js b/browser/base/content/browser.js
index 7aaaa09aa..5a54dcc58 100755
--- a/browser/base/content/browser.js
+++ b/browser/base/content/browser.js
@@ -5688,7 +5688,7 @@ function middleMousePaste(event) {
 function stripUnsafeProtocolOnPaste(pasteData) {
   // Don't allow pasting javascript URIs since we don't support
   // LOAD_FLAGS_DISALLOW_INHERIT_PRINCIPAL for those.
-  return pasteData.replace(/^(?:\s*javascript:)+/i, "");
+  return pasteData.replace(/\r?\n/g, "").replace(/^(?:\s*javascript:)+/i, "");
 }
 
 // handleDroppedLink has the following 2 overloads:
author	wolfbeast <mcwerewolf@gmail.com>	2018-02-05 13:07:58 +0100
committer	wolfbeast <mcwerewolf@gmail.com>	2018-02-05 13:07:58 +0100
commit	e021cb5c71464de14aa332ec013501e9a37038f7 (patch)
tree	af8f63ea32effe141297a835af67435b989c671c /browser/base/content/browser.js
parent	2d652d1c355c8bdde03a6c278b5b7b444424e394 (diff)
download	UXP-e021cb5c71464de14aa332ec013501e9a37038f7.tar UXP-e021cb5c71464de14aa332ec013501e9a37038f7.tar.gz UXP-e021cb5c71464de14aa332ec013501e9a37038f7.tar.lz UXP-e021cb5c71464de14aa332ec013501e9a37038f7.tar.xz UXP-e021cb5c71464de14aa332ec013501e9a37038f7.zip