Bug 1147597. r=gavin, a=sledru
authorMargaret Leibovic <margaret.leibovic@gmail.com>
Mon, 30 Mar 2015 13:27:29 -0400
changeset 258258 e4566e5991e8
parent 258257 88b4ec69e42f
child 258259 0ed266400af5
push id4628
push userryanvm@gmail.com
push date2015-04-03 20:32 +0000
treeherdermozilla-beta@e4566e5991e8 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersgavin, sledru
bugs1147597
milestone38.0
Bug 1147597. r=gavin, a=sledru
toolkit/components/reader/AboutReader.jsm
--- a/toolkit/components/reader/AboutReader.jsm
+++ b/toolkit/components/reader/AboutReader.jsm
@@ -15,16 +15,23 @@ XPCOMUtils.defineLazyModuleGetter(this, 
 XPCOMUtils.defineLazyModuleGetter(this, "Task", "resource://gre/modules/Task.jsm");
 XPCOMUtils.defineLazyModuleGetter(this, "UITelemetry", "resource://gre/modules/UITelemetry.jsm");
 
 const READINGLIST_COMMAND_ID = "readingListSidebar";
 
 let gStrings = Services.strings.createBundle("chrome://global/locale/aboutReader.properties");
 
 let AboutReader = function(mm, win, articlePromise) {
+  let url = this._getOriginalUrl(win);
+  if (!(url.startsWith("http://") || url.startsWith("https://"))) {
+    Cu.reportError("Only http:// and https:// URLs can be loaded in about:reader");
+    win.location.href = "about:blank";
+    return;
+  }
+
   let doc = win.document;
 
   this._mm = mm;
   this._mm.addMessageListener("Reader:Added", this);
   this._mm.addMessageListener("Reader:Removed", this);
   this._mm.addMessageListener("Sidebar:VisibilityChange", this);
   this._mm.addMessageListener("ReadingList:VisibilityStatus", this);
 
@@ -741,18 +748,18 @@ AboutReader.prototype = {
       this._messageElement.innerHTML = gStrings.GetStringFromName("aboutReader.loading");
       this._messageElement.style.display = "block";
     }.bind(this), 300);
   },
 
   /**
    * Returns the original article URL for this about:reader view.
    */
-  _getOriginalUrl: function() {
-    let url = this._win.location.href;
+  _getOriginalUrl: function(win) {
+    let url = win ? win.location.href : this._win.location.href;
     let searchParams = new URLSearchParams(url.split("?")[1]);
     if (!searchParams.has("url")) {
       Cu.reportError("Error finding original URL for about:reader URL: " + url);
       return url;
     }
     return decodeURIComponent(searchParams.get("url"));
   },