Bug 1402896 - make the url bar strip javascript even when preceded by control characters, r?mak
MozReview-Commit-ID: 5ZO8n5lfvnl
--- a/browser/base/content/browser.js
+++ b/browser/base/content/browser.js
@@ -6114,17 +6114,17 @@ function middleMousePaste(event) {
event.stopPropagation();
}
function stripUnsafeProtocolOnPaste(pasteData) {
// Don't allow pasting javascript URIs since we don't support
// LOAD_FLAGS_DISALLOW_INHERIT_PRINCIPAL for those.
let changed = false;
let pasteDataNoJS = pasteData.replace(/\r?\n/g, "")
- .replace(/^(?:\s*javascript:)+/i,
+ .replace(/^(?:\W*javascript:)+/i,
() => {
changed = true;
return "";
});
return changed ? pasteDataNoJS : pasteData;
}
// handleDroppedLink has the following 2 overloads:
--- a/browser/base/content/test/urlbar/browser_removeUnsafeProtocolsFromURLBarPaste.js
+++ b/browser/base/content/test/urlbar/browser_removeUnsafeProtocolsFromURLBarPaste.js
@@ -2,16 +2,17 @@ function test() {
waitForExplicitFinish();
testNext();
}
var pairs = [
["javascript:", ""],
["javascript:1+1", "1+1"],
["javascript:document.domain", "document.domain"],
+ [" \u0001\u0002\u0003\u0004\u0005\u0006\u0007\u0008\u0009javascript:document.domain", "document.domain"],
["java\nscript:foo", "foo"],
["http://\nexample.com", "http://example.com"],
["http://\nexample.com\n", "http://example.com"],
["data:text/html,<body>hi</body>", "data:text/html,<body>hi</body>"],
// Nested things get confusing because some things don't parse as URIs:
["javascript:javascript:alert('hi!')", "alert('hi!')"],
["data:data:text/html,<body>hi</body>", "data:data:text/html,<body>hi</body>"],
["javascript:data:javascript:alert('hi!')", "data:javascript:alert('hi!')"],