Bug 553459 Deal with saved POST data in functions loading entries e.g. from places (goButtonObserver). r=Neil
authorPhilip Chee <philip.chee@gmail.com>
Sat, 05 Mar 2011 11:27:31 +0800
changeset 7254 18feac9335869622054679f23a48c0bff92bf586
parent 7253 f2f42e0e284dd1013b2f0db1379344dd9714d210
child 7255 59e01ab2fabd62200dffba5fed9604ab31815ad5
push idunknown
push userunknown
push dateunknown
reviewersNeil
bugs553459
Bug 553459 Deal with saved POST data in functions loading entries e.g. from places (goButtonObserver). r=Neil
suite/browser/navigatorDD.js
--- a/suite/browser/navigatorDD.js
+++ b/suite/browser/navigatorDD.js
@@ -171,24 +171,35 @@ var goButtonObserver = {
     },
   onDragExit: function (aEvent, aDragSession)
     {
       aEvent.target.removeAttribute("dragover");
     },
   onDrop: function (aEvent, aXferData, aDragSession)
     {
       var xferData = aXferData.data.split("\n");
-      var uri = xferData[0] ? xferData[0] : xferData[1];
-      if (uri)
-        {
-          // Perform a security check before loading the URI
-          nsDragAndDrop.dragDropSecurityCheck(aEvent, aDragSession, uri);
+      var draggedText = xferData[0] || xferData[1];
+      try {
+        nsDragAndDrop.dragDropSecurityCheck(aEvent, aDragSession, draggedText);
 
-          loadURI(uri);
+        var uri;
+        try {
+          uri = makeURI(draggedText);
+        } catch (ex) { }
+        if (uri) {
+          // we have a valid url, so do a security check for javascript.
+          const nsIScriptSecMan = Components.interfaces.nsIScriptSecurityManager;
+          urlSecurityCheck(uri, content.document.nodePrincipal,
+                           nsIScriptSecMan.DISALLOW_SCRIPT_OR_DATA);
         }
+
+        var postData = {};
+        var url = getShortcutOrURI(draggedText, postData);
+        loadURI(url, null, postData.value, true);
+      } catch (ex) { }
     },
   getSupportedFlavours: function ()
     {
       var flavourSet = new FlavourSet();
       flavourSet.appendFlavour("application/x-moz-file", "nsIFile");
       flavourSet.appendFlavour("text/x-moz-url");
       flavourSet.appendFlavour("text/unicode");
       return flavourSet;