Sanitize VPN label to prevent HTML injection - platform/frameworks/base

diff options

author	lucaslin <lucaslin@google.com>	2022-11-11 04:20:10 +0000
committer	Lucas Lin <lucaslin@google.com>	2022-11-11 04:31:30 +0000
commit	27faa572c082455a04579d242265ffaf46d39afc (patch)
tree	312287b9f8b28f8ec0e7f5655eed74f44ed29e7d /libs/androidfw/AssetsProvider.cpp
parent	9e283d5e374a0fd10f9c9a1f0ca6cb72cbac0481 (diff)

Sanitize VPN label to prevent HTML injection

This commit will try to sanitize the content of VpnDialog. This commit creates a function which will try to sanitize the VPN label, if the sanitized VPN label is different from the original one, which means the VPN label might contain HTML tag or the VPN label violates the words restriction(may contain some wording which will mislead the user). For this kind of case, show the package name instead of the VPN label to prevent misleading the user. The malicious VPN app might be able to add a large number of line breaks with HTML in order to hide the system-displayed text from the user in the connection request dialog. Thus, sanitizing the content of the dialog is needed. Bug: 204554636 Test: atest VpnDialogsTests Change-Id: I8eb890fd2e5797d8d6ab5b12f9c628bc9616081d

Diffstat (limited to 'libs/androidfw/AssetsProvider.cpp')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: