commit e53935623c1da11a7b327542667dba32ddd95017 Author: Eugen Sawin <esawin@mozilla.com> Date: Tue Apr 24 19:09:24 2018 -0300 Bug 1356893 - Reject opening intents with file data schemes. r=sebastian, r=nalexander --HG-- extra : rebase_source : 1f764df3309b3641f124915b1a1204afbbd8354a --- mobile/android/base/java/org/mozilla/gecko/IntentHelper.java | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/mobile/android/base/java/org/mozilla/gecko/IntentHelper.java b/mobile/android/base/java/org/mozilla/gecko/IntentHelper.java index efe9576d7d19..e2f34f926b72 100644 --- a/mobile/android/base/java/org/mozilla/gecko/IntentHelper.java +++ b/mobile/android/base/java/org/mozilla/gecko/IntentHelper.java @@ -287,6 +287,12 @@ public final class IntentHelper implements GeckoEventListener, return null; } + final Uri data = intent.getData(); + if (data != null && "file".equals(data.normalizeScheme().getScheme())) { + Log.w(LOGTAG, "Blocked intent with \"file://\" data scheme."); + return null; + } + // Only open applications which can accept arbitrary data from a browser. intent.addCategory(Intent.CATEGORY_BROWSABLE);