Bug 1163422. r=Gijs, a=sledru
authorFelipe Gomes <felipc@gmail.com>
Fri, 22 May 2015 15:01:55 -0300
changeset 266102 8b33b6374feb
parent 266101 34df9b9beee3
child 266103 2b23a8be4f93
push id4754
push userryanvm@gmail.com
push date2015-05-25 15:15 +0000
treeherdermozilla-beta@8b33b6374feb [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersGijs, sledru
bugs1163422
milestone39.0
Bug 1163422. r=Gijs, a=sledru
browser/base/content/content.js
--- a/browser/base/content/content.js
+++ b/browser/base/content/content.js
@@ -710,16 +710,22 @@ let ClickEventHandler = {
     let [href, node] = this._hrefAndLinkNodeForClickEvent(event);
 
     let json = { button: event.button, shiftKey: event.shiftKey,
                  ctrlKey: event.ctrlKey, metaKey: event.metaKey,
                  altKey: event.altKey, href: null, title: null,
                  bookmark: false, referrerPolicy: ownerDoc.referrerPolicy };
 
     if (href) {
+      try {
+        BrowserUtils.urlSecurityCheck(href, node.ownerDocument.nodePrincipal);
+      } catch (e) {
+        return;
+      }
+
       json.href = href;
       if (node) {
         json.title = node.getAttribute("title");
         if (event.button == 0 && !event.ctrlKey && !event.shiftKey &&
             !event.altKey && !event.metaKey) {
           json.bookmark = node.getAttribute("rel") == "sidebar";
           if (json.bookmark) {
             event.preventDefault(); // Need to prevent the pageload.