summaryrefslogtreecommitdiffstats
path: root/toolkit/components
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@wolfbeast.com>2019-05-26 17:55:44 +0200
committerwolfbeast <mcwerewolf@wolfbeast.com>2019-05-26 17:55:44 +0200
commit5b5743eeeb799cfcbb7386a36fc92dd3c31ac678 (patch)
treeb7b2248347b432c44cca463f3ba342616d676e5b /toolkit/components
parenta38cc1a2f5177ea18b4c2c3e260e527250283c57 (diff)
downloadUXP-5b5743eeeb799cfcbb7386a36fc92dd3c31ac678.tar
UXP-5b5743eeeb799cfcbb7386a36fc92dd3c31ac678.tar.gz
UXP-5b5743eeeb799cfcbb7386a36fc92dd3c31ac678.tar.lz
UXP-5b5743eeeb799cfcbb7386a36fc92dd3c31ac678.tar.xz
UXP-5b5743eeeb799cfcbb7386a36fc92dd3c31ac678.zip
[places] Prevent some abuse of smart queries.
Diffstat (limited to 'toolkit/components')
-rw-r--r--toolkit/components/places/PlacesUtils.jsm10
1 files changed, 6 insertions, 4 deletions
diff --git a/toolkit/components/places/PlacesUtils.jsm b/toolkit/components/places/PlacesUtils.jsm
index fc303ca8a..323fa41a1 100644
--- a/toolkit/components/places/PlacesUtils.jsm
+++ b/toolkit/components/places/PlacesUtils.jsm
@@ -908,6 +908,7 @@ this.PlacesUtils = {
* @param type
* The content type of the blob.
* @returns An array of objects representing each item contained by the source.
+ * @throws if the blob contains invalid data.
*/
unwrapNodes: function PU_unwrapNodes(blob, type) {
// We split on "\n" because the transferable system converts "\r\n" to "\n"
@@ -939,7 +940,7 @@ this.PlacesUtils = {
catch (e) {}
}
// note: this._uri() will throw if uriString is not a valid URI
- if (this._uri(uriString)) {
+ if (this._uri(uriString) && this._uri(uriString).scheme != "place") {
nodes.push({ uri: uriString,
title: titleString ? titleString : uriString,
type: this.TYPE_X_MOZ_URL });
@@ -952,11 +953,12 @@ this.PlacesUtils = {
for (let i = 0; i < parts.length; i++) {
let uriString = parts[i];
// text/uri-list is converted to TYPE_UNICODE but it could contain
- // comments line prepended by #, we should skip them
- if (uriString.substr(0, 1) == '\x23')
+ // comments line prepended by #, we should skip them, as well as
+ // empty URIs
+ if (uriString.substr(0, 1) == '\x23' || uriString == "")
continue;
// note: this._uri() will throw if uriString is not a valid URI
- if (uriString != "" && this._uri(uriString))
+ if (this._uri(uriString).scheme != "place")
nodes.push({ uri: uriString,
title: uriString,
type: this.TYPE_X_MOZ_URL });