Gitiles
Code Review Sign In
review.blissroms.org / platform_packages_apps_Settings / 80c3f6d4d84f822d1c3f41e6cb55fc05130e2b17
commit80c3f6d4d84f822d1c3f41e6cb55fc05130e2b17[log] [tgz]
authorTsung-Mao Fang <tmfang@google.com>Tue Apr 13 16:26:12 2021 +0800
committerTsung-Mao Fang <tmfang@google.com>Wed Apr 14 12:19:21 2021 +0000
treebecf0b1c46008f152bed7505fa057df96a46b4d7
parentf43af46d1d834af34c0bdbdf0c2e4e596546668d [diff]
Prevent HTML Injection on the Device Admin request screen

The root issue is that CharSequence is an interface.
String implements that interface, however, Spanned class
too which is a rich text format that can store HTML code.

The solution is enforce to use String type which won't include
any HTML function.

Test: Rebuilt apk and see the string without HTML style.
Bug: 179042963
Change-Id: I53b460b12da918e022d2f2934f114d205dbaadb0
Merged-In: I53b460b12da918e022d2f2934f114d205dbaadb0
1 file changed
tree: becf0b1c46008f152bed7505fa057df96a46b4d7
  1. res/
  2. src/
  3. tests/
  4. Android.mk
  5. AndroidManifest.xml
  6. CleanSpec.mk
  7. MODULE_LICENSE_APACHE2
  8. NOTICE
  9. PREUPLOAD.cfg
  10. proguard.flags
  11. wrap_alpha.py