PawletOS/app_Settings
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "HTML injection fix for bluetooth pairing, issue 65946"

Browse Source
This commit is contained in:
Matthew Xie
2014-02-27 21:32:50 +00:00
committed by Gerrit Code Review
parent 7f1c81b7b5 7b0686af2f
commit 85fb88ee10
1 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/com/android/settings/bluetooth/BluetoothPairingDialog.java
View File

@@ -207,8 +207,8 @@ public final class BluetoothPairingDialog extends AlertActivity implements
return null; return null;
} }
// Format the message string, then parse HTML style tags // HTML escape deviceName, Format the message string, then parse HTML style tags
String messageText = getString(messageId1, deviceName); String messageText = getString(messageId1, Html.escapeHtml(deviceName));
messageView.setText(Html.fromHtml(messageText)); messageView.setText(Html.fromHtml(messageText));
messageView2.setText(messageId2); messageView2.setText(messageId2);
mPairingView.setInputType(InputType.TYPE_CLASS_NUMBER); mPairingView.setInputType(InputType.TYPE_CLASS_NUMBER);
@@ -220,7 +220,8 @@ public final class BluetoothPairingDialog extends AlertActivity implements
private View createView(CachedBluetoothDeviceManager deviceManager) { private View createView(CachedBluetoothDeviceManager deviceManager) {
View view = getLayoutInflater().inflate(R.layout.bluetooth_pin_confirm, null); View view = getLayoutInflater().inflate(R.layout.bluetooth_pin_confirm, null);
String name = deviceManager.getName(mDevice); // Escape device name to avoid HTML injection.
String name = Html.escapeHtml(deviceManager.getName(mDevice));
TextView messageView = (TextView) view.findViewById(R.id.message); TextView messageView = (TextView) view.findViewById(R.id.message);
String messageText; // formatted string containing HTML style tags String messageText; // formatted string containing HTML style tags