[FXIOS-10937] Bugzilla 1933079

mozilla-mobile · Jan 17, 2025 · 68e2ea9 · 68e2ea9
1 parent 5e0ea42
commit 68e2ea9
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/firefox-ios/Client/Frontend/Browser/BrowserViewController/Views/BrowserViewController.swift b/firefox-ios/Client/Frontend/Browser/BrowserViewController/Views/BrowserViewController.swift
@@ -1935,6 +1935,12 @@ class BrowserViewController: UIViewController,
             // Ensure we do have a URL from that observer
             guard let url = webView.url else { return }
 
+            // Security safety check (Bugzilla #1933079)
+            if let internalURL = InternalURL(url), internalURL.isErrorPage, !internalURL.isAuthorized {
+                tabManager.selectedTab?.webView?.load(URLRequest(url: URL(string: "about:blank")!))
+                return
+            }
+
             // To prevent spoofing, only change the URL immediately if the new URL is on
             // the same origin as the current URL. Otherwise, do nothing and wait for
             // didCommitNavigation to confirm the page load.