Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c7387da8 authored by Chen Xu's avatar Chen Xu
Browse files

Fix WebView vulnerability by disallowing file access 

Fix webvuew vulnerability inside captiveportal activity by disallowing
access private file in app's sandbox.

Bug: 150610071
Test: Build
Change-Id: I67e695478476b6ee9cf21ed41213f25441d9776a
(cherry picked from commit fef654ff)
Merged-in: I67e695478476b6ee9cf21ed41213f25441d9776a
parent bf7cb1ca

packages/CarrierDefaultApp/src/com/android/carrierdefaultapp/CaptivePortalLoginActivity.java

+1 −0
Original line number Diff line number Diff line
@@ -106,6 +106,7 @@ public class CaptivePortalLoginActivity extends Activity { 
        webSettings.setSupportZoom(true);

        webSettings.setBuiltInZoomControls(true);

        webSettings.setDomStorageEnabled(true);

        webSettings.setAllowFileAccess(false);

        mWebViewClient = new MyWebViewClient();

        mWebView.setWebViewClient(mWebViewClient);

        mWebView.setWebChromeClient(new MyWebChromeClient());