ported from UXP: [places] Prevent some abuse of smart queries. (b3deb955)

2026-05-29 16:10:41 +00:00 · 2022-04-03 15:21:39 +08:00
parent 0f0b10e24d
commit 60b8d50010
2 changed files with 14 additions and 4 deletions
@@ -39,6 +39,7 @@
 #include "mozilla/dom/OSFileSystem.h"
 #include "mozilla/dom/Promise.h"
 #include "nsNetUtil.h"
+#include "nsReadableUtils.h"

 namespace mozilla {
 namespace dom {
@@ -635,6 +636,13 @@ DataTransfer::PrincipalMaySetData(const nsAString& aType,
      NS_WARNING("Disallowing adding x-moz-file or x-moz-file-promize types to DataTransfer");
      return false;
    }
+    
+    // Disallow content from creating x-moz-place flavors, so that it cannot
+    // create fake Places smart queries exposing user data.
+    if (StringBeginsWith(aType, NS_LITERAL_STRING("text/x-moz-place"))) {
+      NS_WARNING("Disallowing adding moz-place types to DataTransfer");
+      return false;
+    }
  }
  return true;
 }