Backport bug 1479311 for Tor Browser for Android?
I guess we should think about backporting the patch for bug 1479311 which fixes an address bar spoofing vulnerability. The fix is pretty small and should not cause any regressions:
- if (index == -1) {
+ if (index == -1 || url.startsWith("javascript:")) {