diff options
| author | Paul Miller <paulmiller@google.com> | 2015-05-18 11:16:19 -0700 |
|---|---|---|
| committer | Paul Miller <paulmiller@google.com> | 2015-05-18 11:16:19 -0700 |
| commit | ec090f9c44460676cc5760c309cbee0eba92de9a (patch) | |
| tree | 5a68adeb39589a18990954c5068e817b72d5bc34 | |
| parent | 17ba7411ec56e29d11ceb75e620ba86ac43fa95e (diff) | |
| download | Browser-marshmallow-dr-release.tar.gz | |
Don't view images with src="javascript:..."android-cts-6.0_r9android-cts-6.0_r8android-cts-6.0_r7android-cts-6.0_r6android-cts-6.0_r5android-cts-6.0_r4android-cts-6.0_r32android-cts-6.0_r31android-cts-6.0_r30android-cts-6.0_r3android-cts-6.0_r29android-cts-6.0_r28android-cts-6.0_r27android-cts-6.0_r26android-cts-6.0_r25android-cts-6.0_r24android-cts-6.0_r23android-cts-6.0_r22android-cts-6.0_r21android-cts-6.0_r20android-cts-6.0_r2android-cts-6.0_r19android-cts-6.0_r18android-cts-6.0_r17android-cts-6.0_r16android-cts-6.0_r15android-cts-6.0_r14android-cts-6.0_r13android-cts-6.0_r12android-cts-6.0_r1android-6.0.1_r9android-6.0.1_r81android-6.0.1_r80android-6.0.1_r8android-6.0.1_r79android-6.0.1_r78android-6.0.1_r77android-6.0.1_r74android-6.0.1_r73android-6.0.1_r72android-6.0.1_r70android-6.0.1_r7android-6.0.1_r69android-6.0.1_r68android-6.0.1_r67android-6.0.1_r66android-6.0.1_r65android-6.0.1_r63android-6.0.1_r62android-6.0.1_r61android-6.0.1_r60android-6.0.1_r59android-6.0.1_r58android-6.0.1_r57android-6.0.1_r56android-6.0.1_r55android-6.0.1_r54android-6.0.1_r53android-6.0.1_r52android-6.0.1_r51android-6.0.1_r50android-6.0.1_r5android-6.0.1_r49android-6.0.1_r48android-6.0.1_r47android-6.0.1_r46android-6.0.1_r45android-6.0.1_r43android-6.0.1_r42android-6.0.1_r41android-6.0.1_r40android-6.0.1_r4android-6.0.1_r33android-6.0.1_r32android-6.0.1_r31android-6.0.1_r30android-6.0.1_r3android-6.0.1_r28android-6.0.1_r27android-6.0.1_r26android-6.0.1_r25android-6.0.1_r24android-6.0.1_r22android-6.0.1_r21android-6.0.1_r20android-6.0.1_r18android-6.0.1_r17android-6.0.1_r16android-6.0.1_r13android-6.0.1_r12android-6.0.1_r11android-6.0.1_r10android-6.0.1_r1android-6.0.0_r7android-6.0.0_r6android-6.0.0_r5android-6.0.0_r41android-6.0.0_r4android-6.0.0_r3android-6.0.0_r26android-6.0.0_r25android-6.0.0_r24android-6.0.0_r23android-6.0.0_r2android-6.0.0_r13android-6.0.0_r12android-6.0.0_r11android-6.0.0_r1marshmallow-releasemarshmallow-mr3-releasemarshmallow-mr2-releasemarshmallow-mr1-releasemarshmallow-mr1-devmarshmallow-dr1.6-releasemarshmallow-dr1.5-releasemarshmallow-dr1.5-devmarshmallow-dr-releasemarshmallow-dr-dragon-releasemarshmallow-dr-devmarshmallow-devmarshmallow-cts-release
BUG:19296937
cherry-pick of 0d75bdd4654a2352df68709c04c773d383a58054 from master
Change-Id: Ic3597a22a3b0c1f90cdd737e735904beaf35a58e
| -rw-r--r-- | src/com/android/browser/Controller.java | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/src/com/android/browser/Controller.java b/src/com/android/browser/Controller.java index 3e4ae66c..934f70f7 100644 --- a/src/com/android/browser/Controller.java +++ b/src/com/android/browser/Controller.java @@ -151,6 +151,13 @@ public class Controller // "no-crash-recovery" parameter in intent to suppress crash recovery final static String NO_CRASH_RECOVERY = "no-crash-recovery"; + // Only view images using these schemes + private static final String[] IMAGE_VIEWABLE_SCHEMES = { + "http", + "https", + "file" + }; + // A bitmap that is re-used in createScreenshot as scratch space private static Bitmap sThumbnailBitmap; @@ -1409,7 +1416,12 @@ public class Controller .setOnMenuItemClickListener(new OnMenuItemClickListener() { @Override public boolean onMenuItemClick(MenuItem item) { - openTab(extra, mTabControl.getCurrentTab(), true, true); + if (isImageViewableUri(Uri.parse(extra))) { + openTab(extra, mTabControl.getCurrentTab(), true, true); + } else { + Log.e(LOGTAG, "Refusing to view image with invalid URI, \"" + + extra + "\""); + } return false; } }); @@ -1429,6 +1441,16 @@ public class Controller mUi.onContextMenuCreated(menu); } + private static boolean isImageViewableUri(Uri uri) { + String scheme = uri.getScheme(); + for (String allowed : IMAGE_VIEWABLE_SCHEMES) { + if (allowed.equals(scheme)) { + return true; + } + } + return false; + } + /** * As the menu can be open when loading state changes * we must manually update the state of the stop/reload menu |