Bug 1358946 - Strip about:reader in intent data uri. r?maliu
MozReview-Commit-ID: AQ8txBAbtUr
--- a/mobile/android/chrome/content/browser.js
+++ b/mobile/android/chrome/content/browser.js
@@ -4495,19 +4495,16 @@ Tab.prototype = {
}
}
// Update the page actions URI for helper apps.
if (BrowserApp.selectedTab == this) {
ExternalApps.updatePageActionUri(fixedURI);
}
- // Strip reader mode URI and also make it exposable if needed
- fixedURI = this._stripAboutReaderURL(fixedURI);
-
let message = {
type: "Content:LocationChange",
tabID: this.id,
uri: truncate(fixedURI.spec, MAX_URI_LENGTH),
userRequested: this.userRequested || "",
baseDomain: baseDomain,
contentType: (contentType ? contentType : ""),
sameDocument: sameDocument,
@@ -4524,20 +4521,16 @@ Tab.prototype = {
// XXX This code assumes that this is the earliest hook we have at which
// browser.contentDocument is changed to the new document we're loading
this.contentDocumentIsDisplayed = false;
this.hasTouchListener = false;
Services.obs.notifyObservers(this.browser, "Session:NotifyLocationChange");
}
},
- _stripAboutReaderURL: function (originalURI) {
- return ReaderMode.getOriginalUrlObjectForDisplay(originalURI.spec) || originalURI;
- },
-
// Properties used to cache security state used to update the UI
_state: null,
_hostChanged: false, // onLocationChange will flip this bit
onSecurityChange: function(aWebProgress, aRequest, aState) {
// Don't need to do anything if the data we use to update the UI hasn't changed
if (this._state == aState && !this._hostChanged)
return;
--- a/mobile/android/geckoview/src/main/java/org/mozilla/gecko/mozglue/SafeIntent.java
+++ b/mobile/android/geckoview/src/main/java/org/mozilla/gecko/mozglue/SafeIntent.java
@@ -7,29 +7,32 @@
// This should be in util/, but is here because of build dependency issues.
package org.mozilla.gecko.mozglue;
import android.content.Intent;
import android.net.Uri;
import android.os.Bundle;
import android.util.Log;
+import org.mozilla.gecko.util.StringUtils;
+
import java.util.ArrayList;
/**
* External applications can pass values into Intents that can cause us to crash: in defense,
* we wrap {@link Intent} and catch the exceptions they may force us to throw. See bug 1090385
* for more.
*/
public class SafeIntent {
private static final String LOGTAG = "Gecko" + SafeIntent.class.getSimpleName();
private final Intent intent;
public SafeIntent(final Intent intent) {
+ stripDataUri(intent);
this.intent = intent;
}
public boolean hasExtra(String name) {
try {
return intent.hasExtra(name);
} catch (OutOfMemoryError e) {
Log.w(LOGTAG, "Couldn't determine if intent had an extra: OOM. Malformed?");
@@ -126,9 +129,23 @@ public class SafeIntent {
Log.w(LOGTAG, "Couldn't get intent data.", e);
return null;
}
}
public Intent getUnsafe() {
return intent;
}
+
+ private static void stripDataUri(final Intent intent) {
+ // We should limit intent filters and check incoming intents against white-list
+ // But for now we just strip 'about:reader?url='
+ if (intent != null && intent.getData() != null) {
+ final String url = intent.getData().toString();
+ if (url != null && url.toLowerCase().startsWith("about:reader")) {
+ final String strippedUrl = StringUtils.getQueryParameter(url, "url");
+ if (strippedUrl != null) {
+ intent.setData(Uri.parse(strippedUrl));
+ }
+ }
+ }
+ }
}