Fixing bug 250862. Prevent javascript: and data: URLs from being dropped into the content area. r=caillon@gmail.com, sr=dveditz@cruzio.com

2004-08-26 07:47:38 +00:00 · 2004-08-26 07:47:38 +00:00 · aa4ea96397
--- a/browser/base/content/browser.js
+++ b/browser/base/content/browser.js
@ -4132,8 +4132,11 @@ var contentAreaDNDObserver = {
    {
      var url = transferUtils.retrieveURLFromData(aXferData.data, aXferData.flavour.contentType);

-      // valid urls don't contain spaces ' '; if we have a space it isn't a valid url so bail out
-      if (!url || !url.length || url.indexOf(" ", 0) != -1) 
+      // valid urls don't contain spaces ' '; if we have a space it
+      // isn't a valid url, or if it's a javascript: or data: url,
+      // bail out
+      if (!url || !url.length || url.indexOf(" ", 0) != -1 ||
+          /^\s*(javascript|data):/.test(url))
        return;

      switch (document.firstChild.getAttribute('windowtype')) {
--- a/xpfe/communicator/resources/content/contentAreaDD.js
+++ b/xpfe/communicator/resources/content/contentAreaDD.js
@ -53,8 +53,11 @@ var contentAreaDNDObserver = {
    {
      var url = transferUtils.retrieveURLFromData(aXferData.data, aXferData.flavour.contentType);

-      // valid urls don't contain spaces ' '; if we have a space it isn't a valid url so bail out
-      if (!url || !url.length || url.indexOf(" ", 0) != -1) 
+      // valid urls don't contain spaces ' '; if we have a space it
+      // isn't a valid url, or if it's a javascript: or data: url,
+      // bail out
+      if (!url || !url.length || url.indexOf(" ", 0) != -1 ||
+          /^\s*(javascript|data):/.test(url))
        return;

      switch (document.firstChild.getAttribute('windowtype')) {