diff options
author | Moonchild <moonchild@palemoon.org> | 2020-07-29 01:21:13 +0000 |
---|---|---|
committer | Moonchild <moonchild@palemoon.org> | 2020-07-29 01:21:13 +0000 |
commit | 3b0123aa12675decc11332704997e29a819eb8ff (patch) | |
tree | fca56977877dae912f340f41ae12d828c7d17d68 /dom/base | |
parent | 08fb2f306856948ecc71974dd98c0a6d78df25aa (diff) | |
download | uxp-3b0123aa12675decc11332704997e29a819eb8ff.tar.gz |
[network/dom] Improve sanitization of download filenames.
Diffstat (limited to 'dom/base')
-rw-r--r-- | dom/base/nsContentUtils.cpp | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/dom/base/nsContentUtils.cpp b/dom/base/nsContentUtils.cpp index 61d10e0223..3568ced90d 100644 --- a/dom/base/nsContentUtils.cpp +++ b/dom/base/nsContentUtils.cpp @@ -5123,6 +5123,14 @@ nsContentUtils::TriggerLink(nsIContent *aContent, nsPresContext *aPresContext, fileName.SetIsVoid(true); // No actionable download attribute was found. } + // Sanitize fileNames containing control characters by replacing them with + // underscores. + if (!fileName.IsVoid()) { + for (int i = 0; i < 32; i++) { + fileName.ReplaceChar(char16_t(i), '_'); + } + } + handler->OnLinkClick(aContent, aLinkURI, fileName.IsVoid() ? aTargetSpec.get() : EmptyString().get(), fileName, nullptr, nullptr, aIsTrusted, aContent->NodePrincipal()); |