2 files changed, 11 insertions, 11 deletions

diff --git a/dom/events/DataTransfer.cpp b/dom/events/DataTransfer.cpp
index 5e7d477dfb..3a3f5464d2 100644
--- a/dom/events/DataTransfer.cpp
+++ b/dom/events/DataTransfer.cpp
@@ -639,16 +639,11 @@ DataTransfer::PrincipalMaySetData(const nsAString& aType,
       return false;
     }
 
-    if (aType.EqualsASCII(kFileMime) ||
-        aType.EqualsASCII(kFilePromiseMime)) {
-      NS_WARNING("Disallowing adding x-moz-file or x-moz-file-promize types to DataTransfer");
-      return false;
-    }
-    
-    // Disallow content from creating x-moz-place flavors, so that it cannot
-    // create fake Places smart queries exposing user data.
-    if (StringBeginsWith(aType, NS_LITERAL_STRING("text/x-moz-place"))) {
-      NS_WARNING("Disallowing adding moz-place types to DataTransfer");
+    // Don't allow adding internal types of the form */x-moz-*, but
+    // special-case the url types as they are simple variations of urls.
+    if (FindInReadable(NS_LITERAL_STRING(kInternal_Mimetype_Prefix), aType) &&
+        !StringBeginsWith(aType, NS_LITERAL_STRING("text/x-moz-url"))) {
+      NS_WARNING("Disallowing adding requested internal type to DataTransfer");
       return false;
     }
   }
diff --git a/widget/nsITransferable.idl b/widget/nsITransferable.idl
index b128586dd1..e580673f5e 100644
--- a/widget/nsITransferable.idl
+++ b/widget/nsITransferable.idl
@@ -13,12 +13,17 @@ interface nsIPrincipal;
 
 %{ C++
 
+// Internal formats must have their second part starting with 'x-moz-',
+// for example text/x-moz-internaltype. These cannot be assigned by
+// unprivileged content but all other types can.
+#define kInternal_Mimetype_Prefix   "/x-moz-"
+
 // these probably shouldn't live here, but in some central repository shared
 // by the entire app.
 #define kTextMime                   "text/plain"
 #define kRTFMime                    "text/rtf"
 #define kUnicodeMime                "text/unicode"
-#define kMozTextInternal          "text/x-moz-text-internal"  // text data which isn't suppoed to be parsed by other apps.
+#define kMozTextInternal            "text/x-moz-text-internal"  // text data which isn't suppoed to be parsed by other apps.
 #define kHTMLMime                   "text/html"
 #define kAOLMailMime                "AOLMAIL"
 #define kPNGImageMime               "image/png"