diff options
author | Marcin Kosiba <mkosiba@google.com> | 2014-05-07 15:39:39 +0100 |
---|---|---|
committer | Marcin Kosiba <mkosiba@google.com> | 2014-05-07 15:39:39 +0100 |
commit | bac9c87bcdfba871f325bda3266b077bcee6b93c (patch) | |
tree | 6668f6ac4336cb3960e1c4000253477416b1fa62 | |
parent | c64a55dea1445bc5d88756a74cae32fa1b0fb533 (diff) | |
download | Browser-bac9c87bcdfba871f325bda3266b077bcee6b93c.tar.gz |
Sanitize selector Intent when handling intent: scheme.
Android Intents have a selector field which, if present, are used
to search for the Activity to invoke. These must also be sanitized
before handing off to the OS.
BUG:14562482
Change-Id: I21752bc7841cf452ed42547acb6816f044130901
-rw-r--r-- | src/com/android/browser/UrlHandler.java | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/com/android/browser/UrlHandler.java b/src/com/android/browser/UrlHandler.java index 167d4105..e21e3e87 100644 --- a/src/com/android/browser/UrlHandler.java +++ b/src/com/android/browser/UrlHandler.java @@ -160,6 +160,11 @@ public class UrlHandler { // security (only access to BROWSABLE activities). intent.addCategory(Intent.CATEGORY_BROWSABLE); intent.setComponent(null); + Intent selector = intent.getSelector(); + if (selector != null) { + selector.addCategory(Intent.CATEGORY_BROWSABLE); + selector.setComponent(null); + } // Re-use the existing tab if the intent comes back to us if (tab != null) { if (tab.getAppId() == null) { |