summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@gmail.com>2018-02-05 19:11:11 +0100
committerwolfbeast <mcwerewolf@gmail.com>2018-02-05 19:11:11 +0100
commit6b5575eb99714967b38aa2b2b71e5e72d2f97b81 (patch)
treef4095034e32949a2addf8b1f56853f2c74298fdb
parent6f0f1f85ebf218aef8839e17442dbaf15460be4f (diff)
downloadUXP-6b5575eb99714967b38aa2b2b71e5e72d2f97b81.tar
UXP-6b5575eb99714967b38aa2b2b71e5e72d2f97b81.tar.gz
UXP-6b5575eb99714967b38aa2b2b71e5e72d2f97b81.tar.lz
UXP-6b5575eb99714967b38aa2b2b71e5e72d2f97b81.tar.xz
UXP-6b5575eb99714967b38aa2b2b71e5e72d2f97b81.zip
Reject opening intents with file data schemes.
-rw-r--r--mobile/android/base/java/org/mozilla/gecko/IntentHelper.java6
1 files changed, 6 insertions, 0 deletions
diff --git a/mobile/android/base/java/org/mozilla/gecko/IntentHelper.java b/mobile/android/base/java/org/mozilla/gecko/IntentHelper.java
index efe9576d7..e2f34f926 100644
--- a/mobile/android/base/java/org/mozilla/gecko/IntentHelper.java
+++ b/mobile/android/base/java/org/mozilla/gecko/IntentHelper.java
@@ -287,6 +287,12 @@ public final class IntentHelper implements GeckoEventListener,
return null;
}
+ final Uri data = intent.getData();
+ if (data != null && "file".equals(data.normalizeScheme().getScheme())) {
+ Log.w(LOGTAG, "Blocked intent with \"file://\" data scheme.");
+ return null;
+ }
+
// Only open applications which can accept arbitrary data from a browser.
intent.addCategory(Intent.CATEGORY_BROWSABLE);