Add scheme whitelist for content intents
Add a whitelist for content intents sent when the user taps
on an address, email address, or phone number.
BUG=659477
TBR=aelias@chromium.org
Review URL: https://codereview.chromium.org/2455753002 .
Review-Url: https://codereview.chromium.org/2448363003
Cr-Original-Commit-Position: refs/heads/master@{#427758}
Cr-Commit-Position: refs/branch-heads/2840@{#778}
Cr-Branched-From: 1ae106dbab4bddd85132d5b75c670794311f4c57-refs/heads/master@{#414607}
diff --git a/content/public/android/java/src/org/chromium/content/browser/ContentViewClient.java b/content/public/android/java/src/org/chromium/content/browser/ContentViewClient.java
index d5b89bc6..c4307ab5 100644
--- a/content/public/android/java/src/org/chromium/content/browser/ContentViewClient.java
+++ b/content/public/android/java/src/org/chromium/content/browser/ContentViewClient.java
@@ -26,12 +26,16 @@
*/
public class ContentViewClient {
// Tag used for logging.
- private static final String TAG = "cr.ContentViewClient";
+ private static final String TAG = "cr_ContentViewClient";
// Default value to signal that the ContentView's size should not be overridden.
private static final int UNSPECIFIED_MEASURE_SPEC =
MeasureSpec.makeMeasureSpec(0, MeasureSpec.UNSPECIFIED);
+ private static final String GEO_SCHEME = "geo";
+ private static final String TEL_SCHEME = "tel";
+ private static final String MAILTO_SCHEME = "mailto";
+
public void onUpdateTitle(String title) {
}
@@ -144,6 +148,14 @@
// Perform generic parsing of the URI to turn it into an Intent.
try {
intent = Intent.parseUri(intentUrl, Intent.URI_INTENT_SCHEME);
+
+ String scheme = intent.getScheme();
+ if (!scheme.equals(GEO_SCHEME) && !scheme.equals(TEL_SCHEME)
+ && !scheme.equals(MAILTO_SCHEME)) {
+ Log.w(TAG, "Invalid scheme for URI %s", intentUrl);
+ return;
+ }
+
intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
} catch (Exception ex) {
Log.w(TAG, "Bad URI %s", intentUrl, ex);
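Review bot: `intent.getScheme()` returns null when the parsed intent carries no data URI, so the added `scheme.equals(GEO_SCHEME)` check throws a NullPointerException. The surrounding `catch (Exception ex)` catches it, so the intent is still dropped, but it is logged as "Bad URI" instead of as a rejected scheme, and the fail-closed behaviour depends on that broad catch staying in place. Putting the constant first makes the rejection explicit and null-safe: `if (!GEO_SCHEME.equals(scheme) && !TEL_SCHEME.equals(scheme) && !MAILTO_SCHEME.equals(scheme)) {`. The allowlist also constrains only the data scheme, while `Intent.parseUri(..., Intent.URI_INTENT_SCHEME)` can fill in a component and selector from the same string. The method starts and ends outside this hunk, so if the code that starts the activity does not already clear them, consider `intent.setComponent(null); intent.setSelector(null);` after the scheme check.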