]> spindle.queued.net Git - midori/commitdiff
Limit data: for main content to images
authorChristian Dywan <christian@twotoasts.de>
Tue, 4 Sep 2012 22:04:58 +0000 (00:04 +0200)
committerChristian Dywan <christian@twotoasts.de>
Tue, 4 Sep 2012 22:06:07 +0000 (00:06 +0200)
midori/midori-view.c

index 41c6ba4b2a8b912fb8792e41f833113e288ee00f..36065f352f2d83666e0bdbb21b93a3b43f996943 100644 (file)
@@ -952,6 +952,13 @@ midori_view_web_view_navigation_decision_cb (WebKitWebView*             web_view
             return TRUE;
         }
     }
+    else if (g_str_has_prefix (uri, "data:image/"))
+    {
+        /* For security reasons, main content served as data: is limited to images
+           http://lcamtuf.coredump.cx/switch/ */
+        webkit_web_policy_decision_ignore (decision);
+        return TRUE;
+    }
     #ifdef HAVE_GCR
     else if (/* view->special && */ !strncmp (uri, "https", 5))
     {