diff options
Diffstat (limited to 'application/palemoon')
-rw-r--r-- | application/palemoon/components/preferences/permissions.js | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/application/palemoon/components/preferences/permissions.js b/application/palemoon/components/preferences/permissions.js index 03e07a916..8f559b0e0 100644 --- a/application/palemoon/components/preferences/permissions.js +++ b/application/palemoon/components/preferences/permissions.js @@ -86,14 +86,25 @@ var gPermissionManager = { var input_url = textbox.value.replace(/^\s*/, ""); // trim any leading space let principal; try { - // If the uri doesn't successfully parse, try adding a http:// and parsing again + // The origin accessor on the principal object will throw if the + // principal doesn't have a canonical origin representation. This will + // help catch cases where the URI parser parsed something like + // `localhost:8080` as having the scheme `localhost`, rather than being + // an invalid URI. A canonical origin representation is required by the + // permission manager for storage, so this won't prevent any valid + // permissions from being entered by the user. let uri; try { uri = Services.io.newURI(input_url, null, null); + principal = Services.scriptSecurityManager.getNoAppCodebasePrincipal(uri); + // If we have ended up with an unknown scheme, the following will throw. + principal.origin; } catch(ex) { uri = Services.io.newURI("http://" + input_url, null, null); + principal = Services.scriptSecurityManager.getNoAppCodebasePrincipal(uri); + // If we have ended up with an unknown scheme, the following will throw. + principal.origin; } - principal = Services.scriptSecurityManager.getNoAppCodebasePrincipal(uri); } catch(ex) { var message = this._bundle.getString("invalidURI"); var title = this._bundle.getString("invalidURITitle"); |