From f0d58fa94869da65e5a16c54e99e17bce06cc4a3 Mon Sep 17 00:00:00 2001
From: Dan Stillman <dstillman@zotero.org>
Date: Sat, 9 Oct 2010 20:33:55 +0000
Subject: [PATCH] Don't load javascript: and data: URIs from URI field

---
 chrome/content/zotero/overlay.js | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/chrome/content/zotero/overlay.js b/chrome/content/zotero/overlay.js
index 787ec886a..33e94154d 100644
--- a/chrome/content/zotero/overlay.js
+++ b/chrome/content/zotero/overlay.js
@@ -2557,6 +2557,11 @@ var ZoteroPane = new function()
 	 *  shift-click == new window, no modifier == frontmost tab
 	 */
 	function loadURI(uri, event, data) {
+		// Ignore javascript: and data: URIs
+		if (uri.match(/^(javascript|data):/)) {
+			return;
+		}
+		
 		if (Zotero.isStandalone && uri.match(/^https?/)) {
 			var io = Components.classes['@mozilla.org/network/io-service;1']
 						.getService(Components.interfaces.nsIIOService);