1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
|
commit be067d6efbf4
Author: Gijs Kruitbosch <gijskruitbosch@gmail.com>
Date: Wed Feb 21 12:18:40 2018 +0000
Bug 1439396, r=mak a=RyanVM
--HG--
extra : source : 2c38198fec8a7654862e491884db41b852ac367c
---
browser/base/content/browser.js | 2 +-
.../content/test/urlbar/browser_removeUnsafeProtocolsFromURLBarPaste.js | 2 ++
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git browser/base/content/browser.js browser/base/content/browser.js
index efd1b6ef3a08..c74031c4e31d 100755
--- browser/base/content/browser.js
+++ browser/base/content/browser.js
@@ -6038,7 +6038,7 @@ function stripUnsafeProtocolOnPaste(pasteData) {
try {
scheme = Services.io.extractScheme(pasteData);
} catch (ex) { }
- if (scheme != "javascript") {
+ if (scheme.toLowerCase() != "javascript") {
break;
}
diff --git browser/base/content/test/urlbar/browser_removeUnsafeProtocolsFromURLBarPaste.js browser/base/content/test/urlbar/browser_removeUnsafeProtocolsFromURLBarPaste.js
index 70ecaa048626..94b417eb7435 100644
--- browser/base/content/test/urlbar/browser_removeUnsafeProtocolsFromURLBarPaste.js
+++ browser/base/content/test/urlbar/browser_removeUnsafeProtocolsFromURLBarPaste.js
@@ -13,6 +13,8 @@ var pairs = [
["http://\nexample.com", "http://example.com"],
["http://\nexample.com\n", "http://example.com"],
["data:text/html,<body>hi</body>", "data:text/html,<body>hi</body>"],
+ ["javaScript:foopy", "foopy"],
+ ["javaScript:javaScript:alert('hi')", "alert('hi')"],
// Nested things get confusing because some things don't parse as URIs:
["javascript:javascript:alert('hi!')", "alert('hi!')"],
["data:data:text/html,<body>hi</body>", "data:data:text/html,<body>hi</body>"],
|