Prevent HTML Injection on the Device Admin request screen
The root issue is that CharSequence is an interface.
String implements that interface, however, Spanned class
too which is a rich text format that can store HTML code.
The solution is enforce to use String type which won't include
any HTML function.
Test: Rebuilt apk and see the string without HTML style.
(cherry picked from commit 0bf3c98b2f325f70d5492a7c7ade16951a802600)
(cherry picked from commit 52f9039d5cc775a02dab90492cca98850a82872a)
1 file changed