diff options
| author | Moonchild <moonchild@palemoon.org> | 2020-07-29 01:21:13 +0000 |
|---|---|---|
| committer | Moonchild <moonchild@palemoon.org> | 2020-07-29 01:21:13 +0000 |
| commit | 3b0123aa12675decc11332704997e29a819eb8ff (patch) | |
| tree | fca56977877dae912f340f41ae12d828c7d17d68 /uriloader | |
| parent | 08fb2f306856948ecc71974dd98c0a6d78df25aa (diff) | |
| download | uxp-3b0123aa12675decc11332704997e29a819eb8ff.tar.gz | |
[network/dom] Improve sanitization of download filenames.
Diffstat (limited to 'uriloader')
| -rw-r--r-- | uriloader/exthandler/nsExternalHelperAppService.cpp | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/uriloader/exthandler/nsExternalHelperAppService.cpp b/uriloader/exthandler/nsExternalHelperAppService.cpp index 49a54ea5f4..0ca3d7edf3 100644 --- a/uriloader/exthandler/nsExternalHelperAppService.cpp +++ b/uriloader/exthandler/nsExternalHelperAppService.cpp @@ -1181,9 +1181,12 @@ nsExternalAppHandler::nsExternalAppHandler(nsIMIMEInfo * aMIMEInfo, mTempFileExtension = char16_t('.'); AppendUTF8toUTF16(aTempFileExtension, mTempFileExtension); - // replace platform specific path separator and illegal characters to avoid any confusion - mSuggestedFileName.ReplaceChar(KNOWN_PATH_SEPARATORS FILE_ILLEGAL_CHARACTERS, '_'); - mTempFileExtension.ReplaceChar(KNOWN_PATH_SEPARATORS FILE_ILLEGAL_CHARACTERS, '_'); + // Replace platform specific path separator and illegal characters to avoid any confusion + mSuggestedFileName.ReplaceChar(KNOWN_PATH_SEPARATORS, '_'); + mSuggestedFileName.ReplaceChar(FILE_ILLEGAL_CHARACTERS, ' '); + mSuggestedFileName.ReplaceChar(char16_t(0), '_'); + mTempFileExtension.ReplaceChar(KNOWN_PATH_SEPARATORS, '_'); + mTempFileExtension.ReplaceChar(FILE_ILLEGAL_CHARACTERS, ' '); // Remove unsafe bidi characters which might have spoofing implications (bug 511521). const char16_t unsafeBidiCharacters[] = { |