From 777dbe5999fd9fea1ed00d6faa59dfd5be7af322 Mon Sep 17 00:00:00 2001 From: Mihai Preda Date: Fri, 19 Feb 2010 18:10:57 +0100 Subject: [PATCH] MessageView: use WebView setBlockNetworkLoads(). Instead of setBlockNetworkImage, for security reasons. Bug 2440315. --- .../android/email/activity/MessageView.java | 29 ++++++++++++------- 1 file changed, 19 insertions(+), 10 deletions(-) diff --git a/src/com/android/email/activity/MessageView.java b/src/com/android/email/activity/MessageView.java index 44ba795d7..1270cc41d 100644 --- a/src/com/android/email/activity/MessageView.java +++ b/src/com/android/email/activity/MessageView.java @@ -166,7 +166,11 @@ public class MessageView extends Activity implements OnClickListener { private ContentObserver mCursorObserver; // contains the HTML body. Is used by LoadAttachmentTask to display inline images. - private String mHtmlText; + // is null most of the time, is used transiently to pass info to LoadAttachementTask + private String mHtmlTextRaw; + + // contains the HTML content as set in WebView. + private String mHtmlTextWebView; // this is true when reply & forward are disabled, such as messages in the trash private boolean mDisableReplyAndForward; @@ -376,7 +380,7 @@ public class MessageView extends Activity implements OnClickListener { findViewById(R.id.invite_link).setOnClickListener(this); mMessageContentView.setVerticalScrollBarEnabled(false); - mMessageContentView.getSettings().setBlockNetworkImage(true); + mMessageContentView.getSettings().setBlockNetworkLoads(true); mMessageContentView.getSettings().setSupportZoom(false); mMessageContentView.setWebViewClient(new CustomWebViewClient()); @@ -742,7 +746,11 @@ public class MessageView extends Activity implements OnClickListener { private void onShowPictures() { if (mMessage != null) { if (mMessageContentView != null) { - mMessageContentView.getSettings().setBlockNetworkImage(false); + mMessageContentView.getSettings().setBlockNetworkLoads(false); + if (mHtmlTextWebView != null) { + mMessageContentView.loadDataWithBaseURL("email://", mHtmlTextWebView, + "text/html", "utf-8", null); + } } mShowPicturesSection.setVisibility(View.GONE); } @@ -1278,24 +1286,25 @@ public class MessageView extends Activity implements OnClickListener { } boolean htmlChanged = false; for (Attachment attachment : attachments) { - if (mHtmlText != null && attachment.mContentId != null + if (mHtmlTextRaw != null && attachment.mContentId != null && attachment.mContentUri != null) { // for html body, replace CID for inline images // Regexp which matches ' src="cid:contentId"'. String contentIdRe = "\\s+(?i)src=\"cid(?-i):\\Q" + attachment.mContentId + "\\E\""; String srcContentUri = " src=\"" + attachment.mContentUri + "\""; - mHtmlText = mHtmlText.replaceAll(contentIdRe, srcContentUri); + mHtmlTextRaw = mHtmlTextRaw.replaceAll(contentIdRe, srcContentUri); htmlChanged = true; } else { addAttachment(attachment); } } + mHtmlTextWebView = mHtmlTextRaw; + mHtmlTextRaw = null; if (htmlChanged && mMessageContentView != null) { - mMessageContentView.loadDataWithBaseURL("email://", mHtmlText, "text/html", "utf-8", - null); + mMessageContentView.loadDataWithBaseURL("email://", mHtmlTextWebView, + "text/html", "utf-8", null); } - mHtmlText = null; } } @@ -1361,7 +1370,7 @@ public class MessageView extends Activity implements OnClickListener { */ private void reloadUiFromBody(String bodyText, String bodyHtml) { String text = null; - mHtmlText = null; + mHtmlTextRaw = null; boolean hasImages = false; if (bodyHtml == null) { @@ -1408,7 +1417,7 @@ public class MessageView extends Activity implements OnClickListener { text = sb.toString(); } else { text = bodyHtml; - mHtmlText = bodyHtml; + mHtmlTextRaw = bodyHtml; hasImages = IMG_TAG_START_REGEX.matcher(text).find(); }