ma1 pushed to branch tor-browser-128.1.0esr-14.0-1 at The Tor Project / Applications / Tor Browser
Commits:
-
8b57c078
by hackademix at 2024-08-20T10:50:47+02:00
1 changed file:
Changes:
... | ... | @@ -12,11 +12,14 @@ ChromeUtils.defineLazyGetter(lazy, "console", () => { |
12 | 12 | |
13 | 13 | export class FilesFilterChild extends JSWindowActorChild {
|
14 | 14 | handleEvent(event) {
|
15 | + if (!Services.prefs.getBoolPref("browser.filesfilter.enabled", true)) {
|
|
16 | + return;
|
|
17 | + }
|
|
15 | 18 | // drop or paste
|
16 | 19 | const { composedTarget } = event;
|
17 | 20 | const dt = event.clipboardData || event.dataTransfer;
|
18 | 21 | |
19 | - if (dt.files.length) {
|
|
22 | + if ([...dt.files].some(f => f.mozFullPath)) {
|
|
20 | 23 | if (
|
21 | 24 | ["HTMLInputElement", "HTMLTextAreaElement"].includes(
|
22 | 25 | ChromeUtils.getClassName(composedTarget)
|
... | ... | @@ -25,7 +28,7 @@ export class FilesFilterChild extends JSWindowActorChild { |
25 | 28 | event.preventDefault();
|
26 | 29 | lazy.console.log(
|
27 | 30 | `Preventing path leak on ${event.type} for ${[...dt.files]
|
28 | - .map(f => f.name)
|
|
31 | + .map(f => `${f.name} (${f.mozFullPath})`)
|
|
29 | 32 | .join(", ")}.`
|
30 | 33 | );
|
31 | 34 | }
|
... | ... | @@ -33,7 +36,7 @@ export class FilesFilterChild extends JSWindowActorChild { |
33 | 36 | }
|
34 | 37 | |
35 | 38 | // "Paste Without Formatting" (ctrl+shift+V) in HTML editors coerces files into paths
|
36 | - if (!(event.clipboardData && dt.getData("text"))) {
|
|
39 | + if (!(event.clipboardData && /[\/\\]/.test(dt.getData("text")))) {
|
|
37 | 40 | return;
|
38 | 41 | }
|
39 | 42 |