[Xfce4-commits] <midori:master> Limit data: for main content to images

Wed Sep 5 00:08:04 CEST 2012

Updating branch refs/heads/master
         to e2c9660b3a1e1816c513cd88e0808fec7c94288c (commit)
       from 6210c59e3166a3098982d1ddb8006dfb7f4c5d36 (commit)

commit e2c9660b3a1e1816c513cd88e0808fec7c94288c
Author: Christian Dywan <christian at twotoasts.de>
Date:   Wed Sep 5 00:04:58 2012 +0200

    Limit data: for main content to images

 midori/midori-view.c |    7 +++++++
 1 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/midori/midori-view.c b/midori/midori-view.c
index 41c6ba4..36065f3 100644
--- a/midori/midori-view.c
+++ b/midori/midori-view.c
@@ -952,6 +952,13 @@ midori_view_web_view_navigation_decision_cb (WebKitWebView*             web_view
             return TRUE;
         }
     }
+    else if (g_str_has_prefix (uri, "data:image/"))
+    {
+        /* For security reasons, main content served as data: is limited to images
+           http://lcamtuf.coredump.cx/switch/ */
+        webkit_web_policy_decision_ignore (decision);
+        return TRUE;
+    }
     #ifdef HAVE_GCR
     else if (/* view->special && */ !strncmp (uri, "https", 5))
     {
