From be9cb36c6ed3d7a0c5bd570e39a029d90f19e77d Mon Sep 17 00:00:00 2001
From: TYM Tsai <tymtsai@google.com>
Date: Mon, 19 Dec 2022 15:19:46 +0800
Subject: [PATCH] Fix html injection in Autofill confirmation dialog

AutofillService can inject html in its label. The label will
be padded with line breaks which puts the warning off screen.
To fix the issue, disable html injection of the label.

Bug: 216117246
Test: Manual, check the label of the sample in
      the confirmation dialog
Change-Id: I244d8e9eadbacae6af615d1d2a5a99c86e4fa456
---
 .../applications/defaultapps/DefaultAutofillPicker.java         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/com/android/settings/applications/defaultapps/DefaultAutofillPicker.java b/src/com/android/settings/applications/defaultapps/DefaultAutofillPicker.java
index f1e7ac0974c..d96aa6be61f 100644
--- a/src/com/android/settings/applications/defaultapps/DefaultAutofillPicker.java
+++ b/src/com/android/settings/applications/defaultapps/DefaultAutofillPicker.java
@@ -243,7 +243,7 @@ public class DefaultAutofillPicker extends DefaultAppPickerFragment {
         }
         final CharSequence appName = appInfo.loadLabel();
         final String message = getContext().getString(
-                R.string.autofill_confirmation_message, appName);
+                R.string.autofill_confirmation_message, Html.escapeHtml(appName));
         return Html.fromHtml(message);
     }