Prevent HTML Injection on the Device Admin request screen am: 80c3f6d4d8

Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/apps/Settings/+/14167794 Change-Id: Iac38c0d7f7517c8d4ecac036e73524d37c66fb6e
2021-04-29 06:21:38 +00:00
parent d2ee0db550 80c3f6d4d8
commit 26f3013c32
1 changed files with 7 additions and 3 deletions
--- a/src/com/android/settings/DeviceAdminAdd.java
+++ b/src/com/android/settings/DeviceAdminAdd.java
@@ -97,7 +97,7 @@ public class DeviceAdminAdd extends Activity {
    DevicePolicyManager mDPM;
    AppOpsManager mAppOps;
    DeviceAdminInfo mDeviceAdmin;
-    CharSequence mAddMsgText;
+    String mAddMsgText;
    String mProfileOwnerName;

    ImageView mAdminIcon;
@@ -276,7 +276,11 @@ public class DeviceAdminAdd extends Activity {
            return;
        }

-        mAddMsgText = getIntent().getCharSequenceExtra(DevicePolicyManager.EXTRA_ADD_EXPLANATION);
+        final CharSequence addMsgCharSequence = getIntent().getCharSequenceExtra(
+                DevicePolicyManager.EXTRA_ADD_EXPLANATION);
+        if (addMsgCharSequence != null) {
+            mAddMsgText = addMsgCharSequence.toString();
+        }

        setContentView(R.layout.device_admin_add);

@@ -568,7 +572,7 @@ public class DeviceAdminAdd extends Activity {
        if (mAddingProfileOwner) {
            mProfileOwnerWarning.setVisibility(View.VISIBLE);
        }
-        if (mAddMsgText != null) {
+         if (!TextUtils.isEmpty(mAddMsgText)) {
            mAddMsg.setText(mAddMsgText);
            mAddMsg.setVisibility(View.VISIBLE);
        } else {