
Commit 85fb88ee authored by Matthew Xie's avatar Matthew Xie Committed by Gerrit Code Review

Merge "HTML injection fix for bluetooth pairing, issue 65946"

parents 7f1c81b7 7b0686af
+4 −3
@@ -207,8 +207,8 @@ public final class BluetoothPairingDialog extends AlertActivity implements
                return null;
        }

        // Format the message string, then parse HTML style tags
        String messageText = getString(messageId1, deviceName);
        // HTML escape deviceName, Format the message string, then parse HTML style tags
        String messageText = getString(messageId1, Html.escapeHtml(deviceName));
        messageView.setText(Html.fromHtml(messageText));
        messageView2.setText(messageId2);
        mPairingView.setInputType(InputType.TYPE_CLASS_NUMBER);
@@ -220,7 +220,8 @@ public final class BluetoothPairingDialog extends AlertActivity implements

    private View createView(CachedBluetoothDeviceManager deviceManager) {
        View view = getLayoutInflater().inflate(R.layout.bluetooth_pin_confirm, null);
        String name = deviceManager.getName(mDevice);
	// Escape device name to avoid HTML injection.
        String name = Html.escapeHtml(deviceManager.getName(mDevice));
        TextView messageView = (TextView) view.findViewById(R.id.message);

        String messageText; // formatted string containing HTML style tags
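Review bot: In createView the device name is escaped once at assignment, so `name` holds HTML-encoded text for the rest of the method, whereas the first hunk escapes at the `getString(...)` call; the two sites should follow one pattern. The rest of createView lies outside the hunk, so it is not visible whether every later use of `name` passes through `Html.fromHtml`; any plain `setText` use would display entities such as `&amp;` literally. I would either make the encoding explicit in the name, `String escapedName = Html.escapeHtml(deviceManager.getName(mDevice));`, or keep the raw name and escape inside each format call as the first hunk does. `Html.escapeHtml` also dereferences its argument, so if `getName` can return null (not visible here) this now throws where the old code formatted the text "null". The added comment line in createView is indented with a tab where the surrounding lines use spaces.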