From a2e0f637b2f614440219993dd425cead09945b9b Mon Sep 17 00:00:00 2001
From: wolfbeast <mcwerewolf@gmail.com>
Date: Wed, 22 Nov 2017 12:47:05 +0100
Subject: Make the url bar strip javascript even when preceded by control
 characters

---
 browser/base/content/browser.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'browser/base')

diff --git a/browser/base/content/browser.js b/browser/base/content/browser.js
index 5a54dcc58..d813a55cc 100755
--- a/browser/base/content/browser.js
+++ b/browser/base/content/browser.js
@@ -5688,7 +5688,7 @@ function middleMousePaste(event) {
 function stripUnsafeProtocolOnPaste(pasteData) {
   // Don't allow pasting javascript URIs since we don't support
   // LOAD_FLAGS_DISALLOW_INHERIT_PRINCIPAL for those.
-  return pasteData.replace(/\r?\n/g, "").replace(/^(?:\s*javascript:)+/i, "");
+  return pasteData.replace(/\r?\n/g, "").replace(/^(?:\W*javascript:)+/i, "");
 }
 
 // handleDroppedLink has the following 2 overloads:
-- 
cgit v1.2.3