Bug 1163422. r=Gijs, a=sledru
authorFelipe Gomes <felipc@gmail.com>
Fri, 22 May 2015 15:01:55 -0300
changeset 274764 26f06cf226703ffce12890f83210d60df80ca821
parent 274763 b500a8efdc29243aff69335aca91bc3724108210
child 274765 daf478785c62acb93c126d1fe111451b5d14ca1a
push id863
push userraliiev@mozilla.com
push dateMon, 03 Aug 2015 13:22:43 +0000
treeherdermozilla-release@f6321b14228d [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersGijs, sledru
bugs1163422
milestone40.0a2
Bug 1163422. r=Gijs, a=sledru
browser/base/content/content.js
--- a/browser/base/content/content.js
+++ b/browser/base/content/content.js
@@ -362,16 +362,22 @@ let ClickEventHandler = {
     let [href, node] = this._hrefAndLinkNodeForClickEvent(event);
 
     let json = { button: event.button, shiftKey: event.shiftKey,
                  ctrlKey: event.ctrlKey, metaKey: event.metaKey,
                  altKey: event.altKey, href: null, title: null,
                  bookmark: false, referrerPolicy: ownerDoc.referrerPolicy };
 
     if (href) {
+      try {
+        BrowserUtils.urlSecurityCheck(href, node.ownerDocument.nodePrincipal);
+      } catch (e) {
+        return;
+      }
+
       json.href = href;
       if (node) {
         json.title = node.getAttribute("title");
         if (event.button == 0 && !event.ctrlKey && !event.shiftKey &&
             !event.altKey && !event.metaKey) {
           json.bookmark = node.getAttribute("rel") == "sidebar";
           if (json.bookmark) {
             event.preventDefault(); // Need to prevent the pageload.