Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_apps_Settings / 92d5e58003ec1ac224eaa1288a826f2fe9f6da27^1..92d5e58003ec1ac224eaa1288a826f2fe9f6da27 / .
commit92d5e58003ec1ac224eaa1288a826f2fe9f6da27[log] [tgz]
authorTsung-Mao Fang <tmfang@google.com>Tue Apr 27 12:55:29 2021 +0000
committerAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>Tue Apr 27 12:55:29 2021 +0000
treebccd7602597504dcdb39cddff0e362ba7a02a758
parentf7682416b6dc91e4b6d408e3dc98b7959abcc507 [diff]
parentf470b78ff29dc79bc6dd9087546c423b32a49d38 [diff]
Prevent HTML Injection on the Device Admin request screen am: 52f9039d5c am: 6ac45a7ceb am: f470b78ff2

Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/apps/Settings/+/14167797

Change-Id: If97943cb25cbbe5388a9b5d28faa50b4df156aad

diff --git a/src/com/android/settings/applications/specialaccess/deviceadmin/DeviceAdminAdd.java b/src/com/android/settings/applications/specialaccess/deviceadmin/DeviceAdminAdd.java
index 9afb2b4..113922e 100644
--- a/src/com/android/settings/applications/specialaccess/deviceadmin/DeviceAdminAdd.java
+++ b/src/com/android/settings/applications/specialaccess/deviceadmin/DeviceAdminAdd.java

@@ -102,7 +102,7 @@
     DevicePolicyManager mDPM;
     AppOpsManager mAppOps;
     DeviceAdminInfo mDeviceAdmin;
-    CharSequence mAddMsgText;
+    String mAddMsgText;
     String mProfileOwnerName;
 
     ImageView mAdminIcon;
@@ -274,7 +274,11 @@
             }
         }
 
-        mAddMsgText = getIntent().getCharSequenceExtra(DevicePolicyManager.EXTRA_ADD_EXPLANATION);
+        final CharSequence addMsgCharSequence = getIntent().getCharSequenceExtra(
+                DevicePolicyManager.EXTRA_ADD_EXPLANATION);
+        if (addMsgCharSequence != null) {
+            mAddMsgText = addMsgCharSequence.toString();
+        }
 
         if (mAddingProfileOwner) {
             // If we're trying to add a profile owner and user setup hasn't completed yet, no
@@ -628,7 +632,7 @@
         } catch (Resources.NotFoundException e) {
             mAdminDescription.setVisibility(View.GONE);
         }
-        if (mAddMsgText != null) {
+        if (!TextUtils.isEmpty(mAddMsgText)) {
             mAddMsg.setText(mAddMsgText);
             mAddMsg.setVisibility(View.VISIBLE);
         } else {