From 3368986490028be41351d4329fb4976df2eb75e1 Mon Sep 17 00:00:00 2001
From: Frédéric Buclin <LpSolit@gmail.com>
Date: Wed, 23 Mar 2016 10:27:37 +0100
Subject: Bug 1254226: XSS through javascript: callback URLs in auth delegation
 r=dylan

---
 auth.cgi | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'auth.cgi')

diff --git a/auth.cgi b/auth.cgi
index b24957185..3f4590953 100755
--- a/auth.cgi
+++ b/auth.cgi
@@ -40,6 +40,8 @@ trick_taint($callback);
 trick_taint($description);
 
 my $callback_uri  = URI->new($callback);
+$callback_uri->scheme =~ /^https?$/
+  or ThrowUserError('auth_delegation_illegal_protocol', { protocol => $callback_uri->scheme });
 my $callback_base = $callback_uri->clone;
 $callback_base->query(undef);
 
-- 
cgit v1.2.3-24-g4f1b