freebsd-ports/www/firefox-devel/files/patch-250862
Joe Marcus Clarke 9117080c8c Patch the various recently reported security vulnerabilities in Mozilla.
This is being done instead of the update to 1.0 PR 1 since we're in a ports
freeze, and too many big changes is not a good idea.

This update covers the following Mozilla bugs:

250862
255067
256316

Thanks to nectar for scraping all of these patches together.

Obtained from:	Mozilla CVS
Approved by:	portmgr (implicit)
2004-09-28 03:24:41 +00:00

Index: mozilla/xpfe/communicator/resources/content/contentAreaDD.js
===================================================================
RCS file: /cvsroot/mozilla/xpfe/communicator/resources/content/contentAreaDD.js,v
retrieving revision 1.32
retrieving revision 1.32.88.1
diff -u -r1.32 -r1.32.88.1
--- xpfe/communicator/resources/content/contentAreaDD.js 10 Jul 2002 01:23:50 -0000 1.32
+++ xpfe/communicator/resources/content/contentAreaDD.js 27 Aug 2004 01:13:39 -0000 1.32.88.1
@@ -53,8 +53,11 @@
{
var url = transferUtils.retrieveURLFromData(aXferData.data, aXferData.flavour.contentType);
- // valid urls don't contain spaces ' '; if we have a space it isn't a valid url so bail out
- if (!url || !url.length || url.indexOf(" ", 0) != -1)
+ // valid urls don't contain spaces ' '; if we have a space it
+ // isn't a valid url, or if it's a javascript: or data: url,
+ // bail out
+ if (!url || !url.length || url.indexOf(" ", 0) != -1 ||
+ /^\s*(javascript|data):/.test(url))
return;
switch (document.firstChild.getAttribute('windowtype')) {
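
Review bot: The added test `/^\s*(javascript|data):/.test(url)` in the `if` condition is case-sensitive, but URL schemes are case-insensitive, so a dropped URL whose scheme is written `JavaScript:` or `DATA:` is not caught by this check. Add the `i` flag, i.e. `/^\s*(javascript|data):/i`. The reworded comment also says only that these URLs cause a bail-out; a short statement of why `javascript:` and `data:` are refused for dropped URLs would help whoever next has to decide whether another scheme belongs in the list.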