diff options
| author | Paul Miller <paulmiller@google.com> | 2015-05-13 16:56:46 +0000 |
|---|---|---|
| committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2015-05-13 16:56:48 +0000 |
| commit | 41c050d8ff87c95377a80646b6e6683983be8ab7 (patch) | |
| tree | 8898bfa2ab185d82231fed813270cbd705a24eba | |
| parent | 6500db1a3e369767e9fa3a0fc00bd5676b8f7041 (diff) | |
| parent | 0d75bdd4654a2352df68709c04c773d383a58054 (diff) | |
| download | Browser-master.tar.gz | |
Merge "Don't view images with src="javascript:...""HEADandroid-m-preview-2android-m-preview-1android-m-previewmastermain
| -rw-r--r-- | src/com/android/browser/Controller.java | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/src/com/android/browser/Controller.java b/src/com/android/browser/Controller.java index 3e4ae66c..934f70f7 100644 --- a/src/com/android/browser/Controller.java +++ b/src/com/android/browser/Controller.java @@ -151,6 +151,13 @@ public class Controller // "no-crash-recovery" parameter in intent to suppress crash recovery final static String NO_CRASH_RECOVERY = "no-crash-recovery"; + // Only view images using these schemes + private static final String[] IMAGE_VIEWABLE_SCHEMES = { + "http", + "https", + "file" + }; + // A bitmap that is re-used in createScreenshot as scratch space private static Bitmap sThumbnailBitmap; @@ -1409,7 +1416,12 @@ public class Controller .setOnMenuItemClickListener(new OnMenuItemClickListener() { @Override public boolean onMenuItemClick(MenuItem item) { - openTab(extra, mTabControl.getCurrentTab(), true, true); + if (isImageViewableUri(Uri.parse(extra))) { + openTab(extra, mTabControl.getCurrentTab(), true, true); + } else { + Log.e(LOGTAG, "Refusing to view image with invalid URI, \"" + + extra + "\""); + } return false; } }); @@ -1429,6 +1441,16 @@ public class Controller mUi.onContextMenuCreated(menu); } + private static boolean isImageViewableUri(Uri uri) { + String scheme = uri.getScheme(); + for (String allowed : IMAGE_VIEWABLE_SCHEMES) { + if (allowed.equals(scheme)) { + return true; + } + } + return false; + } + /** * As the menu can be open when loading state changes * we must manually update the state of the stop/reload menu |