MessageView: use WebView setBlockNetworkLoads().

Instead of setBlockNetworkImage, for security reasons.
Bug 2440315.
This commit is contained in:
Mihai Preda 2010-02-19 18:10:57 +01:00
parent 0ed64fbb3d
commit 777dbe5999

View File

@ -166,7 +166,11 @@ public class MessageView extends Activity implements OnClickListener {
private ContentObserver mCursorObserver; private ContentObserver mCursorObserver;
// contains the HTML body. Is used by LoadAttachmentTask to display inline images. // contains the HTML body. Is used by LoadAttachmentTask to display inline images.
private String mHtmlText; // is null most of the time, is used transiently to pass info to LoadAttachementTask
private String mHtmlTextRaw;
// contains the HTML content as set in WebView.
private String mHtmlTextWebView;
// this is true when reply & forward are disabled, such as messages in the trash // this is true when reply & forward are disabled, such as messages in the trash
private boolean mDisableReplyAndForward; private boolean mDisableReplyAndForward;
@ -376,7 +380,7 @@ public class MessageView extends Activity implements OnClickListener {
findViewById(R.id.invite_link).setOnClickListener(this); findViewById(R.id.invite_link).setOnClickListener(this);
mMessageContentView.setVerticalScrollBarEnabled(false); mMessageContentView.setVerticalScrollBarEnabled(false);
mMessageContentView.getSettings().setBlockNetworkImage(true); mMessageContentView.getSettings().setBlockNetworkLoads(true);
mMessageContentView.getSettings().setSupportZoom(false); mMessageContentView.getSettings().setSupportZoom(false);
mMessageContentView.setWebViewClient(new CustomWebViewClient()); mMessageContentView.setWebViewClient(new CustomWebViewClient());
@ -742,7 +746,11 @@ public class MessageView extends Activity implements OnClickListener {
private void onShowPictures() { private void onShowPictures() {
if (mMessage != null) { if (mMessage != null) {
if (mMessageContentView != null) { if (mMessageContentView != null) {
mMessageContentView.getSettings().setBlockNetworkImage(false); mMessageContentView.getSettings().setBlockNetworkLoads(false);
if (mHtmlTextWebView != null) {
mMessageContentView.loadDataWithBaseURL("email://", mHtmlTextWebView,
"text/html", "utf-8", null);
}
} }
mShowPicturesSection.setVisibility(View.GONE); mShowPicturesSection.setVisibility(View.GONE);
} }
@ -1278,24 +1286,25 @@ public class MessageView extends Activity implements OnClickListener {
} }
boolean htmlChanged = false; boolean htmlChanged = false;
for (Attachment attachment : attachments) { for (Attachment attachment : attachments) {
if (mHtmlText != null && attachment.mContentId != null if (mHtmlTextRaw != null && attachment.mContentId != null
&& attachment.mContentUri != null) { && attachment.mContentUri != null) {
// for html body, replace CID for inline images // for html body, replace CID for inline images
// Regexp which matches ' src="cid:contentId"'. // Regexp which matches ' src="cid:contentId"'.
String contentIdRe = String contentIdRe =
"\\s+(?i)src=\"cid(?-i):\\Q" + attachment.mContentId + "\\E\""; "\\s+(?i)src=\"cid(?-i):\\Q" + attachment.mContentId + "\\E\"";
String srcContentUri = " src=\"" + attachment.mContentUri + "\""; String srcContentUri = " src=\"" + attachment.mContentUri + "\"";
mHtmlText = mHtmlText.replaceAll(contentIdRe, srcContentUri); mHtmlTextRaw = mHtmlTextRaw.replaceAll(contentIdRe, srcContentUri);
htmlChanged = true; htmlChanged = true;
} else { } else {
addAttachment(attachment); addAttachment(attachment);
} }
} }
mHtmlTextWebView = mHtmlTextRaw;
mHtmlTextRaw = null;
if (htmlChanged && mMessageContentView != null) { if (htmlChanged && mMessageContentView != null) {
mMessageContentView.loadDataWithBaseURL("email://", mHtmlText, "text/html", "utf-8", mMessageContentView.loadDataWithBaseURL("email://", mHtmlTextWebView,
null); "text/html", "utf-8", null);
} }
mHtmlText = null;
} }
} }
@ -1361,7 +1370,7 @@ public class MessageView extends Activity implements OnClickListener {
*/ */
private void reloadUiFromBody(String bodyText, String bodyHtml) { private void reloadUiFromBody(String bodyText, String bodyHtml) {
String text = null; String text = null;
mHtmlText = null; mHtmlTextRaw = null;
boolean hasImages = false; boolean hasImages = false;
if (bodyHtml == null) { if (bodyHtml == null) {
@ -1408,7 +1417,7 @@ public class MessageView extends Activity implements OnClickListener {
text = sb.toString(); text = sb.toString();
} else { } else {
text = bodyHtml; text = bodyHtml;
mHtmlText = bodyHtml; mHtmlTextRaw = bodyHtml;
hasImages = IMG_TAG_START_REGEX.matcher(text).find(); hasImages = IMG_TAG_START_REGEX.matcher(text).find();
} }