From 2ed113c7137e6f1059a22fa018332d56ec740a0a Mon Sep 17 00:00:00 2001 From: Tony Mantler Date: Thu, 31 Oct 2013 16:39:03 -0700 Subject: [PATCH] Foreign characters may be letters and digits, but they're not allowed in Uri/Url schemes b/11356390 Change-Id: Ic510607ab5f671e3f3f474ea3c2f4af7e9966cb1 --- .../com/android/emailcommon/utility/SSLUtils.java | 14 +++++++++++++- .../android/emailcommon/utility/SSLUtilsTest.java | 2 ++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/emailcommon/src/com/android/emailcommon/utility/SSLUtils.java b/emailcommon/src/com/android/emailcommon/utility/SSLUtils.java index b28593485..66afe146c 100644 --- a/emailcommon/src/com/android/emailcommon/utility/SSLUtils.java +++ b/emailcommon/src/com/android/emailcommon/utility/SSLUtils.java @@ -175,6 +175,18 @@ public class SSLUtils { return wrapped; } + // Character.isLetter() is locale-specific, and will potentially return true for characters + // outside of ascii a-z,A-Z + private static boolean isAsciiLetter(char c) { + return ('a' <= c && c <= 'z') || ('A' <= c && c <= 'Z'); + } + + // Character.isDigit() is locale-specific, and will potentially return true for characters + // outside of ascii 0-9 + private static boolean isAsciiNumber(char c) { + return ('0' <= c && c <= '9'); + } + /** * Escapes the contents a string to be used as a safe scheme name in the URI according to * http://tools.ietf.org/html/rfc3986#section-3.1 @@ -189,7 +201,7 @@ public class SSLUtils { StringBuilder sb = new StringBuilder(); for (int i = 0; i < s.length(); i++) { char c = s.charAt(i); - if (Character.isLetter(c) || Character.isDigit(c) + if (isAsciiLetter(c) || isAsciiNumber(c) || ('-' == c) || ('.' == c)) { // Safe - use as is. sb.append(c); diff --git a/tests/src/com/android/emailcommon/utility/SSLUtilsTest.java b/tests/src/com/android/emailcommon/utility/SSLUtilsTest.java index d373b9c3a..301856010 100644 --- a/tests/src/com/android/emailcommon/utility/SSLUtilsTest.java +++ b/tests/src/com/android/emailcommon/utility/SSLUtilsTest.java @@ -48,6 +48,8 @@ public class SSLUtilsTest extends AndroidTestCase { assertSchemeNameValid(SSLUtils.escapeForSchemeName("name with spaces")); assertSchemeNameValid(SSLUtils.escapeForSchemeName("odd * & characters")); assertSchemeNameValid(SSLUtils.escapeForSchemeName("f3v!l;891023-47 +")); + assertSchemeNameValid( + SSLUtils.escapeForSchemeName("\u304d\u307f\u3092\u611b\u3057\u3066\u308b")); } private static final char[] RANDOM_DICT = new char[] {