Google Git
Sign in
android / platform / frameworks / base / 57946e2bb73850e817b3c01fa5350d705e178e39
commit57946e2bb73850e817b3c01fa5350d705e178e39[log] [tgz]
authorLucas Lin <lucaslin@google.com>Fri Mar 03 08:13:50 2023 +0000
committerAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>Thu May 11 18:39:56 2023 +0000
treec1d777a469d3cbfb126e80bb77aa0744df80e561
parent3af4465dd75322908828c5be0e82d574df3ee502 [diff]
Sanitize VPN label to prevent HTML injection

This commit will try to sanitize the content of VpnDialog. This
commit creates a function which will try to sanitize the VPN
label, if the sanitized VPN label is different from the original
one, which means the VPN label might contain HTML tag or the VPN
label violates the words restriction(may contain some wording
which will mislead the user). For this kind of case, show the
package name instead of the VPN label to prevent misleading the
user.

The malicious VPN app might be able to add a large number of line
breaks with HTML in order to hide the system-displayed text from
the user in the connection request dialog. Thus, sanitizing the
content of the dialog is needed.

Bug: 204554636
Test: N/A
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:2178216b98bf9865edee198f45192f0b883624ab)
Merged-In: I8eb890fd2e5797d8d6ab5b12f9c628bc9616081d
Change-Id: I8eb890fd2e5797d8d6ab5b12f9c628bc9616081d
2 files changed
tree: c1d777a469d3cbfb126e80bb77aa0744df80e561
  1. .prebuilt_info/
  2. apct-tests/
  3. apex/
  4. api/
  5. boot/
  6. cmds/
  7. config/
  8. core/
  9. data/
  10. docs/
  11. drm/
  12. errorprone/
  13. graphics/
  14. identity/
  15. keystore/
  16. libs/
  17. location/
  18. lowpan/
  19. media/
  20. mime/
  21. mms/
  22. native/
  23. nfc-extras/
  24. obex/
  25. omapi/
  26. opengl/
  27. packages/
  28. proto/
  29. rs/
  30. samples/
  31. sax/
  32. services/
  33. startop/
  34. telecomm/
  35. telephony/
  36. test-base/
  37. test-legacy/
  38. test-mock/
  39. test-runner/
  40. tests/
  41. tools/
  42. wifi/
  43. .clang-format
  44. .gitignore
  45. .mailmap
  46. Android.bp
  47. Android.mk
  48. ApiDocs.bp
  49. BATTERY_STATS_OWNERS
  50. CleanSpec.mk
  51. framework-jarjar-rules.txt
  52. GAME_MANAGER_OWNERS
  53. INPUT_OWNERS
  54. lint-baseline.xml
  55. METADATA
  56. MODULE_LICENSE_APACHE2
  57. MULTIUSER_OWNERS
  58. NOTICE
  59. OWNERS
  60. OWNERS.md
  61. PACKAGE_MANAGER_OWNERS
  62. pathmap.mk
  63. PREUPLOAD.cfg
  64. ProtoLibraries.bp
  65. StubLibraries.bp
  66. TEST_MAPPING
  67. TestProtoLibraries.bp
  68. TRACE_OWNERS
  69. ZYGOTE_OWNERS