From a91722be27ce3bd541ca10155fe80d81202785ad Mon Sep 17 00:00:00 2001
From: Moonchild <moonchild@palemoon.org>
Date: Wed, 29 Jul 2020 01:21:13 +0000
Subject: [network/dom] Improve sanitization of download filenames.

---
 dom/base/nsContentUtils.cpp | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'dom/base')

diff --git a/dom/base/nsContentUtils.cpp b/dom/base/nsContentUtils.cpp
index 6a9904bf9..1a3f5b5ca 100644
--- a/dom/base/nsContentUtils.cpp
+++ b/dom/base/nsContentUtils.cpp
@@ -5105,6 +5105,14 @@ nsContentUtils::TriggerLink(nsIContent *aContent, nsPresContext *aPresContext,
       fileName.SetIsVoid(true); // No actionable download attribute was found.
     }
 
+    // Sanitize fileNames containing control characters by replacing them with
+    // underscores.
+    if (!fileName.IsVoid()) {
+      for (int i = 0; i < 32; i++) {
+        fileName.ReplaceChar(char16_t(i), '_');
+      }
+    }
+
     handler->OnLinkClick(aContent, aLinkURI,
                          fileName.IsVoid() ? aTargetSpec.get() : EmptyString().get(),
                          fileName, nullptr, nullptr, aIsTrusted, aContent->NodePrincipal());
-- 
cgit v1.2.3