diff options
author | wolfbeast <mcwerewolf@gmail.com> | 2018-02-05 19:11:11 +0100 |
---|---|---|
committer | wolfbeast <mcwerewolf@gmail.com> | 2018-02-05 19:11:11 +0100 |
commit | 6b5575eb99714967b38aa2b2b71e5e72d2f97b81 (patch) | |
tree | f4095034e32949a2addf8b1f56853f2c74298fdb /mobile | |
parent | 6f0f1f85ebf218aef8839e17442dbaf15460be4f (diff) | |
download | uxp-6b5575eb99714967b38aa2b2b71e5e72d2f97b81.tar.gz |
Reject opening intents with file data schemes.
Diffstat (limited to 'mobile')
-rw-r--r-- | mobile/android/base/java/org/mozilla/gecko/IntentHelper.java | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/mobile/android/base/java/org/mozilla/gecko/IntentHelper.java b/mobile/android/base/java/org/mozilla/gecko/IntentHelper.java index efe9576d7d..e2f34f926b 100644 --- a/mobile/android/base/java/org/mozilla/gecko/IntentHelper.java +++ b/mobile/android/base/java/org/mozilla/gecko/IntentHelper.java @@ -287,6 +287,12 @@ public final class IntentHelper implements GeckoEventListener, return null; } + final Uri data = intent.getData(); + if (data != null && "file".equals(data.normalizeScheme().getScheme())) { + Log.w(LOGTAG, "Blocked intent with \"file://\" data scheme."); + return null; + } + // Only open applications which can accept arbitrary data from a browser. intent.addCategory(Intent.CATEGORY_BROWSABLE); |