Reject opening intents with file data schemes.

author: wolfbeast <mcwerewolf@gmail.com> 2018-02-05 19:11:11 +0100
committer: wolfbeast <mcwerewolf@gmail.com> 2018-02-05 19:11:11 +0100
commit: 3fbeb6628070b6d56f13f8c816d5b279040836c7 (patch)
tree: f4095034e32949a2addf8b1f56853f2c74298fdb /mobile
parent: 1bf3b3563270316e03afc07d9ee5649bf08ee123 (diff)
download: uxp-3fbeb6628070b6d56f13f8c816d5b279040836c7.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/mobile/android/base/java/org/mozilla/gecko/IntentHelper.java b/mobile/android/base/java/org/mozilla/gecko/IntentHelper.java
index efe9576d7d..e2f34f926b 100644
--- a/mobile/android/base/java/org/mozilla/gecko/IntentHelper.java
+++ b/mobile/android/base/java/org/mozilla/gecko/IntentHelper.java
@@ -287,6 +287,12 @@ public final class IntentHelper implements GeckoEventListener,
                 return null;
             }
 
+            final Uri data = intent.getData();
+            if (data != null && "file".equals(data.normalizeScheme().getScheme())) {
+                Log.w(LOGTAG, "Blocked intent with \"file://\" data scheme.");
+                return null;
+            }
+
             // Only open applications which can accept arbitrary data from a browser.
             intent.addCategory(Intent.CATEGORY_BROWSABLE);
author	wolfbeast <mcwerewolf@gmail.com>	2018-02-05 19:11:11 +0100
committer	wolfbeast <mcwerewolf@gmail.com>	2018-02-05 19:11:11 +0100
commit	3fbeb6628070b6d56f13f8c816d5b279040836c7 (patch)
tree	f4095034e32949a2addf8b1f56853f2c74298fdb /mobile
parent	1bf3b3563270316e03afc07d9ee5649bf08ee123 (diff)
download	uxp-3fbeb6628070b6d56f13f8c816d5b279040836c7.tar.gz