From dba6453761894a2727313e6dfe132704dc1a2d27 Mon Sep 17 00:00:00 2001
From: Garvan Keeley <garvankeeley@gmail.com>
Date: Tue, 31 Mar 2020 14:15:47 -0400
Subject: [PATCH] Fix #6315 - disallow data URL as top-level navigation

---
 .../BrowserViewController+WebViewDelegates.swift           | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/Client/Frontend/Browser/BrowserViewController/BrowserViewController+WebViewDelegates.swift b/Client/Frontend/Browser/BrowserViewController/BrowserViewController+WebViewDelegates.swift
index 22ff1b2ef268..f76d64063a86 100644
--- a/Client/Frontend/Browser/BrowserViewController/BrowserViewController+WebViewDelegates.swift
+++ b/Client/Frontend/Browser/BrowserViewController/BrowserViewController+WebViewDelegates.swift
@@ -431,10 +431,15 @@ extension BrowserViewController: WKNavigationDelegate {
             return
         }
 
+        if url.scheme == "data" {
+            decisionHandler(.cancel)
+            return
+        }
+
         // This is the normal case, opening a http or https url, which we handle by loading them in this WKWebView. We
         // always allow this. Additionally, data URIs are also handled just like normal web pages.
 
-        if ["http", "https", "data", "blob", "file"].contains(url.scheme) {
+        if ["http", "https", "blob", "file"].contains(url.scheme) {
             if navigationAction.targetFrame?.isMainFrame ?? false {
                 tab.changedUserAgent = Tab.ChangeUserAgent.contains(url: url)
             }