MessageView: use WebView setBlockNetworkLoads().
Instead of setBlockNetworkImage, for security reasons. Bug 2440315.
This commit is contained in:
parent
0ed64fbb3d
commit
777dbe5999
@ -166,7 +166,11 @@ public class MessageView extends Activity implements OnClickListener {
|
|||||||
private ContentObserver mCursorObserver;
|
private ContentObserver mCursorObserver;
|
||||||
|
|
||||||
// contains the HTML body. Is used by LoadAttachmentTask to display inline images.
|
// contains the HTML body. Is used by LoadAttachmentTask to display inline images.
|
||||||
private String mHtmlText;
|
// is null most of the time, is used transiently to pass info to LoadAttachementTask
|
||||||
|
private String mHtmlTextRaw;
|
||||||
|
|
||||||
|
// contains the HTML content as set in WebView.
|
||||||
|
private String mHtmlTextWebView;
|
||||||
|
|
||||||
// this is true when reply & forward are disabled, such as messages in the trash
|
// this is true when reply & forward are disabled, such as messages in the trash
|
||||||
private boolean mDisableReplyAndForward;
|
private boolean mDisableReplyAndForward;
|
||||||
@ -376,7 +380,7 @@ public class MessageView extends Activity implements OnClickListener {
|
|||||||
findViewById(R.id.invite_link).setOnClickListener(this);
|
findViewById(R.id.invite_link).setOnClickListener(this);
|
||||||
|
|
||||||
mMessageContentView.setVerticalScrollBarEnabled(false);
|
mMessageContentView.setVerticalScrollBarEnabled(false);
|
||||||
mMessageContentView.getSettings().setBlockNetworkImage(true);
|
mMessageContentView.getSettings().setBlockNetworkLoads(true);
|
||||||
mMessageContentView.getSettings().setSupportZoom(false);
|
mMessageContentView.getSettings().setSupportZoom(false);
|
||||||
mMessageContentView.setWebViewClient(new CustomWebViewClient());
|
mMessageContentView.setWebViewClient(new CustomWebViewClient());
|
||||||
|
|
||||||
@ -742,7 +746,11 @@ public class MessageView extends Activity implements OnClickListener {
|
|||||||
private void onShowPictures() {
|
private void onShowPictures() {
|
||||||
if (mMessage != null) {
|
if (mMessage != null) {
|
||||||
if (mMessageContentView != null) {
|
if (mMessageContentView != null) {
|
||||||
mMessageContentView.getSettings().setBlockNetworkImage(false);
|
mMessageContentView.getSettings().setBlockNetworkLoads(false);
|
||||||
|
if (mHtmlTextWebView != null) {
|
||||||
|
mMessageContentView.loadDataWithBaseURL("email://", mHtmlTextWebView,
|
||||||
|
"text/html", "utf-8", null);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
mShowPicturesSection.setVisibility(View.GONE);
|
mShowPicturesSection.setVisibility(View.GONE);
|
||||||
}
|
}
|
||||||
@ -1278,24 +1286,25 @@ public class MessageView extends Activity implements OnClickListener {
|
|||||||
}
|
}
|
||||||
boolean htmlChanged = false;
|
boolean htmlChanged = false;
|
||||||
for (Attachment attachment : attachments) {
|
for (Attachment attachment : attachments) {
|
||||||
if (mHtmlText != null && attachment.mContentId != null
|
if (mHtmlTextRaw != null && attachment.mContentId != null
|
||||||
&& attachment.mContentUri != null) {
|
&& attachment.mContentUri != null) {
|
||||||
// for html body, replace CID for inline images
|
// for html body, replace CID for inline images
|
||||||
// Regexp which matches ' src="cid:contentId"'.
|
// Regexp which matches ' src="cid:contentId"'.
|
||||||
String contentIdRe =
|
String contentIdRe =
|
||||||
"\\s+(?i)src=\"cid(?-i):\\Q" + attachment.mContentId + "\\E\"";
|
"\\s+(?i)src=\"cid(?-i):\\Q" + attachment.mContentId + "\\E\"";
|
||||||
String srcContentUri = " src=\"" + attachment.mContentUri + "\"";
|
String srcContentUri = " src=\"" + attachment.mContentUri + "\"";
|
||||||
mHtmlText = mHtmlText.replaceAll(contentIdRe, srcContentUri);
|
mHtmlTextRaw = mHtmlTextRaw.replaceAll(contentIdRe, srcContentUri);
|
||||||
htmlChanged = true;
|
htmlChanged = true;
|
||||||
} else {
|
} else {
|
||||||
addAttachment(attachment);
|
addAttachment(attachment);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
mHtmlTextWebView = mHtmlTextRaw;
|
||||||
|
mHtmlTextRaw = null;
|
||||||
if (htmlChanged && mMessageContentView != null) {
|
if (htmlChanged && mMessageContentView != null) {
|
||||||
mMessageContentView.loadDataWithBaseURL("email://", mHtmlText, "text/html", "utf-8",
|
mMessageContentView.loadDataWithBaseURL("email://", mHtmlTextWebView,
|
||||||
null);
|
"text/html", "utf-8", null);
|
||||||
}
|
}
|
||||||
mHtmlText = null;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1361,7 +1370,7 @@ public class MessageView extends Activity implements OnClickListener {
|
|||||||
*/
|
*/
|
||||||
private void reloadUiFromBody(String bodyText, String bodyHtml) {
|
private void reloadUiFromBody(String bodyText, String bodyHtml) {
|
||||||
String text = null;
|
String text = null;
|
||||||
mHtmlText = null;
|
mHtmlTextRaw = null;
|
||||||
boolean hasImages = false;
|
boolean hasImages = false;
|
||||||
|
|
||||||
if (bodyHtml == null) {
|
if (bodyHtml == null) {
|
||||||
@ -1408,7 +1417,7 @@ public class MessageView extends Activity implements OnClickListener {
|
|||||||
text = sb.toString();
|
text = sb.toString();
|
||||||
} else {
|
} else {
|
||||||
text = bodyHtml;
|
text = bodyHtml;
|
||||||
mHtmlText = bodyHtml;
|
mHtmlTextRaw = bodyHtml;
|
||||||
hasImages = IMG_TAG_START_REGEX.matcher(text).find();
|
hasImages = IMG_TAG_START_REGEX.matcher(text).find();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user