diff options
| author | Marcin Kosiba <mkosiba@google.com> | 2014-05-07 15:39:39 +0100 |
|---|---|---|
| committer | Marcin Kosiba <mkosiba@google.com> | 2014-05-07 15:40:47 +0100 |
| commit | 3f9c4f8bffbf1ab7fdbfdc39f320584968f57ffb (patch) | |
| tree | df4f2437529fc3858e68d0c4e6ae8260c45cf282 /src/com/android/browser | |
| parent | 05c0982edfe1a47516e339883b5026126f7a1df8 (diff) | |
| download | packages_apps_Browser-3f9c4f8bffbf1ab7fdbfdc39f320584968f57ffb.zip packages_apps_Browser-3f9c4f8bffbf1ab7fdbfdc39f320584968f57ffb.tar.gz packages_apps_Browser-3f9c4f8bffbf1ab7fdbfdc39f320584968f57ffb.tar.bz2 | |
Sanitize selector Intent when handling intent: scheme.
Android Intents have a selector field which, if present, are used
to search for the Activity to invoke. These must also be sanitized
before handing off to the OS.
BUG:14562482
Change-Id: I21752bc7841cf452ed42547acb6816f044130901
Diffstat (limited to 'src/com/android/browser')
| -rw-r--r-- | src/com/android/browser/UrlHandler.java | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/com/android/browser/UrlHandler.java b/src/com/android/browser/UrlHandler.java index 167d410..e21e3e8 100644 --- a/src/com/android/browser/UrlHandler.java +++ b/src/com/android/browser/UrlHandler.java @@ -160,6 +160,11 @@ public class UrlHandler { // security (only access to BROWSABLE activities). intent.addCategory(Intent.CATEGORY_BROWSABLE); intent.setComponent(null); + Intent selector = intent.getSelector(); + if (selector != null) { + selector.addCategory(Intent.CATEGORY_BROWSABLE); + selector.setComponent(null); + } // Re-use the existing tab if the intent comes back to us if (tab != null) { if (tab.getAppId() == null) { |