www

Unnamed repository; edit this file 'description' to name the repository.
Log | Files | Refs | Submodules | README | LICENSE
commit f0d58fa94869da65e5a16c54e99e17bce06cc4a3
parent 490794dfb9875eceaddea648919fa5cd54ebf23b
Author: Dan Stillman <dstillman@zotero.org>
Date:   Sat,  9 Oct 2010 20:33:55 +0000

Don't load javascript: and data: URIs from URI field


Diffstat:

Mchrome/content/zotero/overlay.js | 5+++++


1 file changed, 5 insertions(+), 0 deletions(-)

diff --git a/chrome/content/zotero/overlay.js b/chrome/content/zotero/overlay.js
@@ -2557,6 +2557,11 @@ var ZoteroPane = new function()
 	 *  shift-click == new window, no modifier == frontmost tab
 	 */
 	function loadURI(uri, event, data) {
+		// Ignore javascript: and data: URIs
+		if (uri.match(/^(javascript|data):/)) {
+			return;
+		}
+		
 		if (Zotero.isStandalone && uri.match(/^https?/)) {
 			var io = Components.classes['@mozilla.org/network/io-service;1']
 						.getService(Components.interfaces.nsIIOService);