From: Christian Dywan Date: Tue, 4 Sep 2012 22:04:58 +0000 (+0200) Subject: Limit data: for main content to images X-Git-Url: https://spindle.queued.net/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e2c9660b3a1e1816c513cd88e0808fec7c94288c;p=midori Limit data: for main content to images --- diff --git a/midori/midori-view.c b/midori/midori-view.c index 41c6ba4b..36065f35 100644 --- a/midori/midori-view.c +++ b/midori/midori-view.c @@ -952,6 +952,13 @@ midori_view_web_view_navigation_decision_cb (WebKitWebView* web_view return TRUE; } } + else if (g_str_has_prefix (uri, "data:image/")) + { + /* For security reasons, main content served as data: is limited to images + http://lcamtuf.coredump.cx/switch/ */ + webkit_web_policy_decision_ignore (decision); + return TRUE; + } #ifdef HAVE_GCR else if (/* view->special && */ !strncmp (uri, "https", 5)) {