Commented out call to AddImagesToSafeList() in PastHTML to prevent possible

security hole. git-svn-id: svn://10.0.0.236/trunk@12719 18797224-902f-48f8-a5cc-f745e15eee43
1998-10-13 20:35:26 +00:00 · 1998-10-13 20:35:26 +00:00 · 2c0cdb4289
commit 2c0cdb4289
parent 14a3005a7c
1 changed files with 8 additions and 2 deletions
--- a/mozilla/lib/layout/edtbuf.cpp
+++ b/mozilla/lib/layout/edtbuf.cpp
@ -13832,8 +13832,14 @@ NORMAL_PASTE:

 #if defined(ENDER) && defined(MOZ_ENDER_MIME)

-            if( m_bEmbedded )
-                AddImagesToSafeList(pElement);
+            // Commented out because of possible security hole. We don't want
+            // to allow users to accidentally copy and paste something like
+            // this:
+            //
+            //    <IMG SRC="file:/etc/passwd">
+            //
+            // if( m_bEmbedded )
+            //     AddImagesToSafeList(pElement);

 #endif /* ENDER && MOZ_ENDER_MIME */