summaryrefslogtreecommitdiffstats
path: root/dom/events
diff options
context:
space:
mode:
Diffstat (limited to 'dom/events')
-rw-r--r--dom/events/DataTransfer.cpp8
1 files changed, 8 insertions, 0 deletions
diff --git a/dom/events/DataTransfer.cpp b/dom/events/DataTransfer.cpp
index 40a0f42e6..35e80fea4 100644
--- a/dom/events/DataTransfer.cpp
+++ b/dom/events/DataTransfer.cpp
@@ -39,6 +39,7 @@
#include "mozilla/dom/OSFileSystem.h"
#include "mozilla/dom/Promise.h"
#include "nsNetUtil.h"
+#include "nsReadableUtils.h"
namespace mozilla {
namespace dom {
@@ -644,6 +645,13 @@ DataTransfer::PrincipalMaySetData(const nsAString& aType,
NS_WARNING("Disallowing adding x-moz-file or x-moz-file-promize types to DataTransfer");
return false;
}
+
+ // Disallow content from creating x-moz-place flavors, so that it cannot
+ // create fake Places smart queries exposing user data.
+ if (StringBeginsWith(aType, NS_LITERAL_STRING("text/x-moz-place"))) {
+ NS_WARNING("Disallowing adding moz-place types to DataTransfer");
+ return false;
+ }
}
return true;
}