From 6b5575eb99714967b38aa2b2b71e5e72d2f97b81 Mon Sep 17 00:00:00 2001
From: wolfbeast <mcwerewolf@gmail.com>
Date: Mon, 5 Feb 2018 19:11:11 +0100
Subject: Reject opening intents with file data schemes.

---
 mobile/android/base/java/org/mozilla/gecko/IntentHelper.java | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/mobile/android/base/java/org/mozilla/gecko/IntentHelper.java b/mobile/android/base/java/org/mozilla/gecko/IntentHelper.java
index efe9576d7..e2f34f926 100644
--- a/mobile/android/base/java/org/mozilla/gecko/IntentHelper.java
+++ b/mobile/android/base/java/org/mozilla/gecko/IntentHelper.java
@@ -287,6 +287,12 @@ public final class IntentHelper implements GeckoEventListener,
                 return null;
             }
 
+            final Uri data = intent.getData();
+            if (data != null && "file".equals(data.normalizeScheme().getScheme())) {
+                Log.w(LOGTAG, "Blocked intent with \"file://\" data scheme.");
+                return null;
+            }
+
             // Only open applications which can accept arbitrary data from a browser.
             intent.addCategory(Intent.CATEGORY_BROWSABLE);
 
-- 
cgit v1.2.3