* commit '04f3698345f804848ea7f03c6022dbdb0d8ac28d': DO NOT MERGE HTML injection fix for bluetooth pairing, issue 65946
This commit is contained in:
Rob Fletcher
Android Git Automerger
@@ -207,8 +207,8 @@ public final class BluetoothPairingDialog extends AlertActivity implements
|
|||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Format the message string, then parse HTML style tags
|
// HTML escape deviceName, Format the message string, then parse HTML style tags
|
||||||
String messageText = getString(messageId1, deviceName);
|
String messageText = getString(messageId1, Html.escapeHtml(deviceName));
|
||||||
messageView.setText(Html.fromHtml(messageText));
|
messageView.setText(Html.fromHtml(messageText));
|
||||||
messageView2.setText(messageId2);
|
messageView2.setText(messageId2);
|
||||||
mPairingView.setInputType(InputType.TYPE_CLASS_NUMBER);
|
mPairingView.setInputType(InputType.TYPE_CLASS_NUMBER);
|
||||||
@@ -220,7 +220,8 @@ public final class BluetoothPairingDialog extends AlertActivity implements
|
|||||||
|
|
||||||
private View createView(CachedBluetoothDeviceManager deviceManager) {
|
private View createView(CachedBluetoothDeviceManager deviceManager) {
|
||||||
View view = getLayoutInflater().inflate(R.layout.bluetooth_pin_confirm, null);
|
View view = getLayoutInflater().inflate(R.layout.bluetooth_pin_confirm, null);
|
||||||
String name = deviceManager.getName(mDevice);
|
// Escape device name to avoid HTML injection.
|
||||||
|
String name = Html.escapeHtml(deviceManager.getName(mDevice));
|
||||||
TextView messageView = (TextView) view.findViewById(R.id.message);
|
TextView messageView = (TextView) view.findViewById(R.id.message);
|
||||||
|
|
||||||
String messageText; // formatted string containing HTML style tags
|
String messageText; // formatted string containing HTML style tags
|
||||||
|
|||||||
Reference in New Issue
Block a user