Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 0bf3c98b authored by Tsung-Mao Fang's avatar Tsung-Mao Fang
Browse files

Prevent HTML Injection on the Device Admin request screen 

The root issue is that CharSequence is an interface.
String implements that interface, however, Spanned class
too which is a rich text format that can store HTML code.

The solution is enforce to use String type which won't include
any HTML function.

Test: Rebuilt apk and see the string without HTML style.
Bug: 179042963
Change-Id: I53b460b12da918e022d2f2934f114d205dbaadb0
parent 8d8877b6
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment