351b951583
https://www.mozilla.org/en-US/firefox/129.0/releasenotes MFSA 2024-33 (bsc#1228648)) * CVE-2024-7518 (bmo#1875354) Fullscreen notification dialog can be obscured by document content * CVE-2024-7519 (bmo#1902307) Out of bounds memory access in graphics shared memory handling * CVE-2024-7520 (bmo#1903041) Type confusion in WebAssembly * CVE-2024-7521 (bmo#1904644) Incomplete WebAssembly exception handing * CVE-2024-7522 (bmo#1906727) Out of bounds read in editor component * CVE-2024-7523 (bmo#1908344) Document content could partially obscure security prompts * CVE-2024-7524 (bmo#1909241) CSP strict-dynamic bypass using web-compatibility shims * CVE-2024-7525 (bmo#1909298) Missing permission check when creating a StreamFilter * CVE-2024-7526 (bmo#1910306) Uninitialized memory used by WebGL * CVE-2024-7527 (bmo#1871303) Use-after-free in JavaScript garbage collection * CVE-2024-7528 (bmo#1895951) Use-after-free in IndexedDB * CVE-2024-7529 (bmo#1903187) Document content could partially obscure security prompts * CVE-2024-7530 (bmo#1904011) Use-after-free in JavaScript code coverage collection * CVE-2024-7531 (bmo#1905691) OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/MozillaFirefox?expand=0&rev=1168
64 lines
2.5 KiB
Diff
64 lines
2.5 KiB
Diff
# HG changeset patch
|
|
# User Rob Krum <biggestsonicfan@gmail.com>
|
|
# Date 1695432215 25200
|
|
# Fri Sep 22 18:23:35 2023 -0700
|
|
# Node ID e6a8a9f0956d124e8de34eb4bcf09d8e17077d9d
|
|
# Parent 5dbbabbfaca21d2c5994f95ed095313284611c44
|
|
Bug 1822730 - Add basic blob protocol handling for blob URIs that contain parsable http/s protocols
|
|
|
|
diff --git a/toolkit/mozapps/downloads/DownloadLastDir.sys.mjs b/toolkit/mozapps/downloads/DownloadLastDir.sys.mjs
|
|
--- a/toolkit/mozapps/downloads/DownloadLastDir.sys.mjs
|
|
+++ b/toolkit/mozapps/downloads/DownloadLastDir.sys.mjs
|
|
@@ -216,38 +216,49 @@ export class DownloadLastDir {
|
|
Services.prefs.setComplexValue(LAST_DIR_PREF, nsIFile, aFile);
|
|
} else if (Services.prefs.prefHasUserValue(LAST_DIR_PREF)) {
|
|
Services.prefs.clearUserPref(LAST_DIR_PREF);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Pre-processor to extract a domain name to be used with the content-prefs
|
|
- * service. This specially handles data and file URIs so that the download
|
|
- * dirs are recalled in a more consistent way:
|
|
+ * service. This specially handles data, file and blob URIs so that the
|
|
+ * download dirs are recalled in a more consistent way:
|
|
* - all file:/// URIs share the same folder
|
|
* - data: URIs share a folder per mime-type. If a mime-type is not
|
|
* specified text/plain is assumed.
|
|
* - blob: URIs share the same folder as their origin. This is done by
|
|
* ContentPrefs already, so we just let the url fall-through.
|
|
* In any other case the original URL is returned as a string and ContentPrefs
|
|
* will do its usual parsing.
|
|
*
|
|
* @param {string|nsIURI|URL} url The URL to parse
|
|
* @returns {string} the domain name to use, or the original url.
|
|
*/
|
|
#cpsGroupFromURL(url) {
|
|
if (typeof url == "string") {
|
|
+ if (url.startsWith("blob:http://") || url.startsWith("blob:https://")) {
|
|
+ url = url.replace("blob:", "");
|
|
+ }
|
|
url = new URL(url);
|
|
} else if (url instanceof Ci.nsIURI) {
|
|
url = URL.fromURI(url);
|
|
}
|
|
if (!URL.isInstance(url)) {
|
|
return url;
|
|
}
|
|
+ if (url.protocol == "blob:") {
|
|
+ if (
|
|
+ url.href.startsWith("blob:http://") ||
|
|
+ url.href.startsWith("blob:https://")
|
|
+ ) {
|
|
+ return url.href.replace("blob:", "");
|
|
+ }
|
|
+ }
|
|
if (url.protocol == "data:") {
|
|
return url.href.match(/^data:[^;,]*/i)[0].replace(/:$/, ":text/plain");
|
|
}
|
|
if (url.protocol == "file:") {
|
|
return "file:///";
|
|
}
|
|
return url.href;
|
|
}
|