head	1.2;
access;
symbols
	old_RELEASE_5_3_0:1.1;
locks; strict;
comment	@# @;


1.2
date	2004.10.12.00.04.40;	author marcus;	state dead;
branches;
next	1.1;

1.1
date	2004.09.28.03.24.41;	author marcus;	state Exp;
branches;
next	;


desc
@@


1.2
log
@* Update to 1.0.1.p (aka 0.10.1, aka 1.0PR)
* Add support for installing the new Firefox brand icon by defining
  WITH_NEW_ICON [1]

For all that's new, check out http://www.mozilla.org/products/firefox/releases/

PR:		71781 [1]
Submitted by:	Radek Kozlowski <radek@@raadradd.com> [1]
@
text
@Index: mozilla/xpfe/communicator/resources/content/contentAreaDD.js
===================================================================
RCS file: /cvsroot/mozilla/xpfe/communicator/resources/content/contentAreaDD.js,v
retrieving revision 1.32
retrieving revision 1.32.88.1
diff -u -r1.32 -r1.32.88.1
--- xpfe/communicator/resources/content/contentAreaDD.js	10 Jul 2002 01:23:50 -0000	1.32
+++ xpfe/communicator/resources/content/contentAreaDD.js	27 Aug 2004 01:13:39 -0000	1.32.88.1
@@@@ -53,8 +53,11 @@@@
     {
       var url = transferUtils.retrieveURLFromData(aXferData.data, aXferData.flavour.contentType);
 
-      // valid urls don't contain spaces ' '; if we have a space it isn't a valid url so bail out
-      if (!url || !url.length || url.indexOf(" ", 0) != -1) 
+      // valid urls don't contain spaces ' '; if we have a space it
+      // isn't a valid url, or if it's a javascript: or data: url,
+      // bail out
+      if (!url || !url.length || url.indexOf(" ", 0) != -1 ||
+          /^\s*(javascript|data):/.test(url))
         return;
 
       switch (document.firstChild.getAttribute('windowtype')) {
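Review bot: The scheme test on the added line /^\s*(javascript|data):/.test(url) is case-sensitive, while URL schemes are matched case-insensitively, so a mixed-case or upper-case spelling of either scheme is not caught by this check. Suggest adding the i flag, i.e. /^\s*(javascript|data):/i.test(url). The comment above the condition could also say that the \s* prefix is there for leading whitespace other than the plain space, which the indexOf(" ", 0) test already rejects.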
@


1.1
log
@Patch the various recently reported security vulnerabilities in Mozilla.
This is being done instead of the update to 1.0 PR 1 since we're in a ports
freeze, and too many big changes is not a good idea.

This update covers the following Mozilla bugs:

250862
255067
256316

Thanks to nectar for scraping all of these patches together.

Obtained from:	Mozilla CVS
Approved by:	portmgr (implicit)
@
text
@@

