mozilla-beta: changeset 266102:8b33b6374feb296fcf36a43f5b2799e213d7698e

author	Felipe Gomes <felipc@gmail.com>
	Fri, 22 May 2015 15:01:55 -0300
changeset 266102	8b33b6374feb296fcf36a43f5b2799e213d7698e
parent 266101	34df9b9beee3c12658e3429b296eef5650def712
child 266103	2b23a8be4f936ee01a41abd55595b5dc12d871c7
push id	4754
push user	ryanvm@gmail.com
push date	Mon, 25 May 2015 15:15:46 +0000
treeherder	mozilla-beta@8b33b6374feb [default view] [failures only]
perfherder	[talos] [build metrics] [platform microbench] (compared to previous push)
reviewers	Gijs, sledru
bugs	1163422
milestone	39.0

Bug 1163422. r=Gijs, a=sledru

--- a/browser/base/content/content.js
+++ b/browser/base/content/content.js
@@ -710,16 +710,22 @@ let ClickEventHandler = {
     let [href, node] = this._hrefAndLinkNodeForClickEvent(event);
 
     let json = { button: event.button, shiftKey: event.shiftKey,
                  ctrlKey: event.ctrlKey, metaKey: event.metaKey,
                  altKey: event.altKey, href: null, title: null,
                  bookmark: false, referrerPolicy: ownerDoc.referrerPolicy };
 
     if (href) {
+      try {
+        BrowserUtils.urlSecurityCheck(href, node.ownerDocument.nodePrincipal);
+      } catch (e) {
+        return;
+      }
+
       json.href = href;
       if (node) {
         json.title = node.getAttribute("title");
         if (event.button == 0 && !event.ctrlKey && !event.shiftKey &&
             !event.altKey && !event.metaKey) {
           json.bookmark = node.getAttribute("rel") == "sidebar";
           if (json.bookmark) {
             event.preventDefault(); // Need to prevent the pageload.