commit ede5041dd62d871cb0572567d59d07e3fca66509
author TreeHugger Robot <treehugger-gerrit@google.com> Wed Apr 14 12:15:19 2021 +0000
committer Android (Google) Code Review <android-gerrit@google.com> Wed Apr 14 12:15:19 2021 +0000
tree f88ae4bcb4acf8581d3c7500c1c8a7c1294f1156
parent 2cfa6e5f390ad4a4af47a0f806580c79063c9168
parent 0bf3c98b2f325f70d5492a7c7ade16951a802600

Merge "Prevent HTML Injection on the Device Admin request screen" into sc-dev

src/com/android/settings/applications/specialaccess/deviceadmin/DeviceAdminAdd.java

diff --git a/src/com/android/settings/applications/specialaccess/deviceadmin/DeviceAdminAdd.java b/src/com/android/settings/applications/specialaccess/deviceadmin/DeviceAdminAdd.java
index 0625bbb..6a764d4 100644
--- a/src/com/android/settings/applications/specialaccess/deviceadmin/DeviceAdminAdd.java
+++ b/src/com/android/settings/applications/specialaccess/deviceadmin/DeviceAdminAdd.java
@@ -108,7 +108,7 @@
     DevicePolicyManager mDPM;
     AppOpsManager mAppOps;
     DeviceAdminInfo mDeviceAdmin;
-    CharSequence mAddMsgText;
+    String mAddMsgText;
     String mProfileOwnerName;
 
     ImageView mAdminIcon;
@@ -280,7 +280,11 @@
             }
         }
 
-        mAddMsgText = getIntent().getCharSequenceExtra(DevicePolicyManager.EXTRA_ADD_EXPLANATION);
+        final CharSequence addMsgCharSequence = getIntent().getCharSequenceExtra(
+                DevicePolicyManager.EXTRA_ADD_EXPLANATION);
+        if (addMsgCharSequence != null) {
+            mAddMsgText = addMsgCharSequence.toString();
+        }
 
         if (mAddingProfileOwner) {
             // If we're trying to add a profile owner and user setup hasn't completed yet, no
@@ -634,7 +638,7 @@
         } catch (Resources.NotFoundException e) {
             mAdminDescription.setVisibility(View.GONE);
         }
-        if (mAddMsgText != null) {
+        if (!TextUtils.isEmpty(mAddMsgText)) {
             mAddMsg.setText(mAddMsgText);
             mAddMsg.setVisibility(View.VISIBLE);
         } else {