Make the url bar strip javascript even when preceded by control characters

author: wolfbeast <mcwerewolf@gmail.com> 2017-11-22 12:47:05 +0100
committer: wolfbeast <mcwerewolf@gmail.com> 2018-02-08 21:12:36 +0100
commit: a2e0f637b2f614440219993dd425cead09945b9b (patch)
tree: ff3ba132643642329b40e367f336974ed28ef6d5 /browser/base
parent: 85083fce2da7a270e324fd951b7f3d03a50aef1b (diff)
download: UXP-a2e0f637b2f614440219993dd425cead09945b9b.tar
UXP-a2e0f637b2f614440219993dd425cead09945b9b.tar.gz
UXP-a2e0f637b2f614440219993dd425cead09945b9b.tar.lz
UXP-a2e0f637b2f614440219993dd425cead09945b9b.tar.xz
UXP-a2e0f637b2f614440219993dd425cead09945b9b.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/browser/base/content/browser.js b/browser/base/content/browser.js
index 5a54dcc58..d813a55cc 100755
--- a/browser/base/content/browser.js
+++ b/browser/base/content/browser.js
@@ -5688,7 +5688,7 @@ function middleMousePaste(event) {
 function stripUnsafeProtocolOnPaste(pasteData) {
   // Don't allow pasting javascript URIs since we don't support
   // LOAD_FLAGS_DISALLOW_INHERIT_PRINCIPAL for those.
-  return pasteData.replace(/\r?\n/g, "").replace(/^(?:\s*javascript:)+/i, "");
+  return pasteData.replace(/\r?\n/g, "").replace(/^(?:\W*javascript:)+/i, "");
 }
 
 // handleDroppedLink has the following 2 overloads:
author	wolfbeast <mcwerewolf@gmail.com>	2017-11-22 12:47:05 +0100
committer	wolfbeast <mcwerewolf@gmail.com>	2018-02-08 21:12:36 +0100
commit	a2e0f637b2f614440219993dd425cead09945b9b (patch)
tree	ff3ba132643642329b40e367f336974ed28ef6d5 /browser/base
parent	85083fce2da7a270e324fd951b7f3d03a50aef1b (diff)
download	UXP-a2e0f637b2f614440219993dd425cead09945b9b.tar UXP-a2e0f637b2f614440219993dd425cead09945b9b.tar.gz UXP-a2e0f637b2f614440219993dd425cead09945b9b.tar.lz UXP-a2e0f637b2f614440219993dd425cead09945b9b.tar.xz UXP-a2e0f637b2f614440219993dd425cead09945b9b.zip