From f0eff89b86c2d84301dea00d15e02ee480ee6e7a Mon Sep 17 00:00:00 2001 From: John Reck Date: Mon, 17 Oct 2011 12:35:15 -0700 Subject: HTML escape most visited Bug: 5471514 Change-Id: Ie3f175cc8ef9fd6e66ee6ced7a0cd383e04458e2 --- .../android/browser/homepages/RequestHandler.java | 25 +++++++++++++--------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/src/com/android/browser/homepages/RequestHandler.java b/src/com/android/browser/homepages/RequestHandler.java index e0a0eac..defda61 100644 --- a/src/com/android/browser/homepages/RequestHandler.java +++ b/src/com/android/browser/homepages/RequestHandler.java @@ -16,23 +16,24 @@ */ package com.android.browser.homepages; -import com.android.browser.R; - -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; -import java.util.regex.Matcher; -import java.util.regex.Pattern; - import android.content.Context; import android.content.UriMatcher; import android.content.res.Resources; import android.database.Cursor; import android.net.Uri; import android.provider.Browser; +import android.text.TextUtils; import android.util.Base64; import android.util.Log; +import com.android.browser.R; + +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + public class RequestHandler extends Thread { private static final String TAG = "RequestHandler"; @@ -79,6 +80,10 @@ public class RequestHandler extends Thread { } } + byte[] htmlEncode(String s) { + return TextUtils.htmlEncode(s).getBytes(); + } + void writeTemplatedIndex() throws IOException { Template t = Template.getCachedTemplate(mContext, R.raw.most_visited); Cursor cursor = mContext.getContentResolver().query(Browser.BOOKMARKS_URI, @@ -90,9 +95,9 @@ public class RequestHandler extends Thread { public void writeValue(OutputStream stream, String key) throws IOException { Cursor cursor = getCursor(); if (key.equals("url")) { - stream.write(cursor.getString(0).getBytes()); + stream.write(htmlEncode(cursor.getString(0))); } else if (key.equals("title")) { - stream.write(cursor.getString(1).getBytes()); + stream.write(htmlEncode(cursor.getString(1))); } else if (key.equals("thumbnail")) { stream.write("data:image/png;base64,".getBytes()); byte[] thumb = cursor.getBlob(2); -- cgit v1.1