Backport bug 1479311 for Tor Browser for Android?

I guess we should think about backporting the patch for bug 1479311 which fixes an address bar spoofing vulnerability. The fix is pretty small and should not cause any regressions:

-        if (index == -1) {
+        if (index == -1 || url.startsWith("javascript:")) {