summaryrefslogtreecommitdiff
path: root/browser
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@gmail.com>2017-11-22 12:47:05 +0100
committerwolfbeast <mcwerewolf@gmail.com>2018-02-08 21:12:36 +0100
commita2e0f637b2f614440219993dd425cead09945b9b (patch)
treeff3ba132643642329b40e367f336974ed28ef6d5 /browser
parent85083fce2da7a270e324fd951b7f3d03a50aef1b (diff)
downloaduxp-a2e0f637b2f614440219993dd425cead09945b9b.tar.gz
Make the url bar strip javascript even when preceded by control characters
Diffstat (limited to 'browser')
-rwxr-xr-xbrowser/base/content/browser.js2
1 files changed, 1 insertions, 1 deletions
diff --git a/browser/base/content/browser.js b/browser/base/content/browser.js
index 5a54dcc587..d813a55cc8 100755
--- a/browser/base/content/browser.js
+++ b/browser/base/content/browser.js
@@ -5688,7 +5688,7 @@ function middleMousePaste(event) {
function stripUnsafeProtocolOnPaste(pasteData) {
// Don't allow pasting javascript URIs since we don't support
// LOAD_FLAGS_DISALLOW_INHERIT_PRINCIPAL for those.
- return pasteData.replace(/\r?\n/g, "").replace(/^(?:\s*javascript:)+/i, "");
+ return pasteData.replace(/\r?\n/g, "").replace(/^(?:\W*javascript:)+/i, "");
}
// handleDroppedLink has the following 2 overloads: