Prevent USSD codes via Click to Call

Click to Call allows users to send a phone number from their Chrome
desktop instance to their Android phone. This number either comes from a
user's selection and is sent via the context menu, or from clicking on a
link with a "tel:" href.
Sending from the context menu is gated by a regular expression and will
not allow any special characters like '#' or '*' to be contained in the
phone number.
Sending link hrefs does not go through that check as we assume the link
is a valid phone number. We do call GURL::GetContent() to get the number,
which should discard anything after (and including) the '#' character.
However, we also URL-decoded the resulting string before then sending it
over to Android, where we URL-decoded it again when constructing the
Dialer intent. This allows sending double-URL-encoded USSD tel links
which will be sent straight to the Dialer on certain Android versions
and device states.

The fix here is on both desktop and Android side:
Desktop:
 - URL-decode the number and ignore if it contains '#', '*' or '%'.
 - Send the raw number (URL-encoded) to Android
Android:
 - Verify that URL-decoding the received raw number is valid as above
 - Show the decoded number in the notification
 - Parse the raw number in Java into a Uri object for the Dialer

Together this makes sure that we only URL-decode tel: links once and
verify it on both sender and receiver side before passing it on to the
Android Dialer.

Bug: 1180510
Test: updated unit_tests and browser_tests to check for conversion
Change-Id: Idf380b629cdf00155ecab054398af69f37ec2ef9
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2825704
Reviewed-by: Robert Kaplow <rkaplow@chromium.org>
Reviewed-by: David Jacobo <djacobo@chromium.org>
Reviewed-by: Gayane Petrosyan <gayane@chromium.org>
Reviewed-by: Istiaque Ahmed <lazyboy@chromium.org>
Reviewed-by: Peter Beverloo <peter@chromium.org>
Commit-Queue: Richard Knoll <knollr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#875572}
GitOrigin-RevId: e041be8dc8b5b9e3012e752c2636fcf1cd8b0b1d
1 file changed
tree: a3445a6cfeded71848f3e9349e89b7ea951200cc
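To make the double-decoding path and the two-sided check concrete, here is an added C++ model that is not Chromium code: `PercentDecode` and `GetContent` are simplified stand-ins for the real URL handling, and the before/after pipelines follow the commit message's description (sample inputs are constructed).

```cpp
#include <cctype>
#include <optional>
#include <string>

// Minimal percent-decoder ("%41" -> "A"); invalid or truncated escapes
// are copied through unchanged.
std::string PercentDecode(const std::string& in) {
  std::string out;
  for (size_t i = 0; i < in.size(); ++i) {
    if (in[i] == '%' && i + 2 < in.size() &&
        std::isxdigit(static_cast<unsigned char>(in[i + 1])) &&
        std::isxdigit(static_cast<unsigned char>(in[i + 2]))) {
      out.push_back(static_cast<char>(std::stoi(in.substr(i + 1, 2), nullptr, 16)));
      i += 2;
    } else {
      out.push_back(in[i]);
    }
  }
  return out;
}
// Stand-in for GURL::GetContent(): everything after "scheme:", with the
// '#' fragment dropped, as the commit message describes.
std::string GetContent(const std::string& url) {
  size_t colon = url.find(':');
  std::string content = colon == std::string::npos ? url : url.substr(colon + 1);
  return content.substr(0, content.find('#'));  // npos -> whole string
}
// Pre-fix pipeline: desktop URL-decodes once, Android decodes again, so a
// double-encoded "%2523" reaches the Dialer as '#'.
std::string DialerNumberBeforeFix(const std::string& tel_url) {
  return PercentDecode(PercentDecode(GetContent(tel_url)));
}
// Post-fix rule applied on both sides: decode once, refuse '#', '*' and '%'.
bool IsSafeTelNumber(const std::string& raw) {
  return PercentDecode(raw).find_first_of("#*%") == std::string::npos;
}

// Desktop side after the fix: validate, then forward the raw (still encoded) number.
std::optional<std::string> DesktopSend(const std::string& tel_url) {
  std::string raw = GetContent(tel_url);
  if (!IsSafeTelNumber(raw)) return std::nullopt;
  return raw;
}

// Android side after the fix: re-validate, then decode exactly once for
// the notification text and the Dialer Uri.
std::optional<std::string> AndroidReceive(const std::string& raw) {
  if (!IsSafeTelNumber(raw)) return std::nullopt;
  return PercentDecode(raw);
}
```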