Bug 285438 Drag and drop gestures can be hijacked to load priviliged xul - xpfe/toolkit trunk patch v2.0

p=jst/me r=neil.parkwaycc.co.uk sr=bzbarsky a=benjamin

suite/browser/navigatorDD.js

@@ -172,7 +172,12 @@ var goButtonObserver = {
       var xferData = aXferData.data.split("\n");
       var uri = xferData[0] ? xferData[0] : xferData[1];
       if (uri)
-        loadURI(uri);
+        {
+          // Perform a security check before loading the URI
+          nsDragAndDrop.dragDropSecurityCheck(aEvent, aDragSession, uri);
+
+          loadURI(uri);
+        }
     },
   getSupportedFlavours: function ()
     {