summaryrefslogtreecommitdiffstats
path: root/dom/events
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@wolfbeast.com>2019-05-26 17:55:44 +0200
committerwolfbeast <mcwerewolf@wolfbeast.com>2019-05-26 17:55:44 +0200
commit5b5743eeeb799cfcbb7386a36fc92dd3c31ac678 (patch)
treeb7b2248347b432c44cca463f3ba342616d676e5b /dom/events
parenta38cc1a2f5177ea18b4c2c3e260e527250283c57 (diff)
downloadUXP-5b5743eeeb799cfcbb7386a36fc92dd3c31ac678.tar
UXP-5b5743eeeb799cfcbb7386a36fc92dd3c31ac678.tar.gz
UXP-5b5743eeeb799cfcbb7386a36fc92dd3c31ac678.tar.lz
UXP-5b5743eeeb799cfcbb7386a36fc92dd3c31ac678.tar.xz
UXP-5b5743eeeb799cfcbb7386a36fc92dd3c31ac678.zip
[places] Prevent some abuse of smart queries.
Diffstat (limited to 'dom/events')
-rw-r--r--dom/events/DataTransfer.cpp8
1 files changed, 8 insertions, 0 deletions
diff --git a/dom/events/DataTransfer.cpp b/dom/events/DataTransfer.cpp
index 40a0f42e6..35e80fea4 100644
--- a/dom/events/DataTransfer.cpp
+++ b/dom/events/DataTransfer.cpp
@@ -39,6 +39,7 @@
#include "mozilla/dom/OSFileSystem.h"
#include "mozilla/dom/Promise.h"
#include "nsNetUtil.h"
+#include "nsReadableUtils.h"
namespace mozilla {
namespace dom {
@@ -644,6 +645,13 @@ DataTransfer::PrincipalMaySetData(const nsAString& aType,
NS_WARNING("Disallowing adding x-moz-file or x-moz-file-promize types to DataTransfer");
return false;
}
+
+ // Disallow content from creating x-moz-place flavors, so that it cannot
+ // create fake Places smart queries exposing user data.
+ if (StringBeginsWith(aType, NS_LITERAL_STRING("text/x-moz-place"))) {
+ NS_WARNING("Disallowing adding moz-place types to DataTransfer");
+ return false;
+ }
}
return true;
}