summaryrefslogtreecommitdiff
path: root/dom/base
diff options
context:
space:
mode:
authorMoonchild <moonchild@palemoon.org>2020-07-29 01:21:13 +0000
committerMoonchild <moonchild@palemoon.org>2020-07-29 01:21:13 +0000
commit3b0123aa12675decc11332704997e29a819eb8ff (patch)
treefca56977877dae912f340f41ae12d828c7d17d68 /dom/base
parent08fb2f306856948ecc71974dd98c0a6d78df25aa (diff)
downloaduxp-3b0123aa12675decc11332704997e29a819eb8ff.tar.gz
[network/dom] Improve sanitization of download filenames.
Diffstat (limited to 'dom/base')
-rw-r--r--dom/base/nsContentUtils.cpp8
1 files changed, 8 insertions, 0 deletions
diff --git a/dom/base/nsContentUtils.cpp b/dom/base/nsContentUtils.cpp
index 61d10e0223..3568ced90d 100644
--- a/dom/base/nsContentUtils.cpp
+++ b/dom/base/nsContentUtils.cpp
@@ -5123,6 +5123,14 @@ nsContentUtils::TriggerLink(nsIContent *aContent, nsPresContext *aPresContext,
fileName.SetIsVoid(true); // No actionable download attribute was found.
}
+ // Sanitize fileNames containing control characters by replacing them with
+ // underscores.
+ if (!fileName.IsVoid()) {
+ for (int i = 0; i < 32; i++) {
+ fileName.ReplaceChar(char16_t(i), '_');
+ }
+ }
+
handler->OnLinkClick(aContent, aLinkURI,
fileName.IsVoid() ? aTargetSpec.get() : EmptyString().get(),
fileName, nullptr, nullptr, aIsTrusted, aContent->NodePrincipal());