
Commit 04f36983 authored by Rob Fletcher's avatar Rob Fletcher Committed by Android Git Automerger

am 549a39b4: DO NOT MERGE HTML injection fix for bluetooth pairing, issue 65946

* commit '549a39b4':
  DO NOT MERGE HTML injection fix for bluetooth pairing, issue 65946
parents 63a354ee 549a39b4
+4 −3
@@ -207,8 +207,8 @@ public final class BluetoothPairingDialog extends AlertActivity implements
                return null;
        }

        // Format the message string, then parse HTML style tags
        String messageText = getString(messageId1, deviceName);
        // HTML escape deviceName, Format the message string, then parse HTML style tags
        String messageText = getString(messageId1, Html.escapeHtml(deviceName));
        messageView.setText(Html.fromHtml(messageText));
        messageView2.setText(messageId2);
        mPairingView.setInputType(InputType.TYPE_CLASS_NUMBER);
@@ -220,7 +220,8 @@ public final class BluetoothPairingDialog extends AlertActivity implements

    private View createView(CachedBluetoothDeviceManager deviceManager) {
        View view = getLayoutInflater().inflate(R.layout.bluetooth_pin_confirm, null);
        String name = deviceManager.getName(mDevice);
	// Escape device name to avoid HTML injection.
        String name = Html.escapeHtml(deviceManager.getName(mDevice));
        TextView messageView = (TextView) view.findViewById(R.id.message);

        String messageText; // formatted string containing HTML style tags
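Review bot: In the second hunk, `name` is HTML-escaped once at its declaration, so every later use of it in createView receives the entity-encoded text whether or not that string is then passed through `Html.fromHtml`; the first hunk escapes at the `getString` call instead, which keeps the encoding next to the sink. The rest of createView lies outside the hunk, so if any branch there shows `name` as plain text, a device name containing `&` or `<` would be displayed with literal entities; either escape at each format call or make the contract visible with `String escapedName = Html.escapeHtml(deviceManager.getName(mDevice));`. `Html.escapeHtml` reads its argument's length, so it is also worth confirming that `getName` cannot return null for an unnamed device. The added comment line is indented with a tab where the surrounding lines use spaces.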