Sanitize selector Intent when handling intent: scheme. Android Intents have a selector field which, if present, are used to search for the Activity to invoke. These must also be sanitized before handing off to the OS. BUG:14562482 Change-Id: I30461e11be48ec623ab0f56d0d0f206dc2849c98

commit: 7a7dce808e1545e859b80b86f0279ee68ce3f0cc [log] [tgz]
author: Marcin Kosiba <mkosiba@google.com> Wed May 07 15:22:07 2014 +0100
committer: Bill Yi <byi@google.com> Tue Jun 17 14:19:59 2014 -0700
tree: 90c5b3c7164182eb1b9db15c274bd53cdff056a0
parent: ce0577bf9de1ee54ce1bf818505211353ba98512 [diff]
diff --git a/chromium/java/com/android/webview/chromium/WebViewContentsClientAdapter.java b/chromium/java/com/android/webview/chromium/WebViewContentsClientAdapter.java
index 8749985..3a81c0d 100644
--- a/chromium/java/com/android/webview/chromium/WebViewContentsClientAdapter.java
+++ b/chromium/java/com/android/webview/chromium/WebViewContentsClientAdapter.java

@@ -189,6 +189,11 @@
             // security (only access to BROWSABLE activities).
             intent.addCategory(Intent.CATEGORY_BROWSABLE);
             intent.setComponent(null);
+            Intent selector = intent.getSelector();
+            if (selector != null) {
+                selector.addCategory(Intent.CATEGORY_BROWSABLE);
+                selector.setComponent(null);
+            }
             // Pass the package name as application ID so that the intent from the
             // same application can be opened in the same tab.
             intent.putExtra(Browser.EXTRA_APPLICATION_ID,
commit	7a7dce808e1545e859b80b86f0279ee68ce3f0cc	[log] [tgz]
author	Marcin Kosiba <mkosiba@google.com>	Wed May 07 15:22:07 2014 +0100
committer	Bill Yi <byi@google.com>	Tue Jun 17 14:19:59 2014 -0700
tree	90c5b3c7164182eb1b9db15c274bd53cdff056a0
parent	ce0577bf9de1ee54ce1bf818505211353ba98512 [diff]