commit e53935623c1da11a7b327542667dba32ddd95017 Author: Eugen Sawin esawin@mozilla.com Date: Tue Apr 24 19:09:24 2018 -0300
Bug 1356893 - Reject opening intents with file data schemes. r=sebastian, r=nalexander
--HG-- extra : rebase_source : 1f764df3309b3641f124915b1a1204afbbd8354a --- mobile/android/base/java/org/mozilla/gecko/IntentHelper.java | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/mobile/android/base/java/org/mozilla/gecko/IntentHelper.java b/mobile/android/base/java/org/mozilla/gecko/IntentHelper.java index efe9576d7d19..e2f34f926b72 100644 --- a/mobile/android/base/java/org/mozilla/gecko/IntentHelper.java +++ b/mobile/android/base/java/org/mozilla/gecko/IntentHelper.java @@ -287,6 +287,12 @@ public final class IntentHelper implements GeckoEventListener, return null; }
+ final Uri data = intent.getData(); + if (data != null && "file".equals(data.normalizeScheme().getScheme())) { + Log.w(LOGTAG, "Blocked intent with "file://" data scheme."); + return null; + } + // Only open applications which can accept arbitrary data from a browser. intent.addCategory(Intent.CATEGORY_BROWSABLE);