Fix #1283 Prevent loading any pages other than our file:/// url resources and accounts.firefox.com in the webview

Also, remove debug logs.
This commit is contained in:
Donovan Preston 2019-04-05 12:18:22 -04:00
parent 48b5d85904
commit 74ecb598d2

View file

@ -71,11 +71,11 @@ class MainActivity : AppCompatActivity(), AdvancedWebView.Listener {
if (Intent.ACTION_SEND == intent.action && type != null) { if (Intent.ACTION_SEND == intent.action && type != null) {
if (type == "text/plain") { if (type == "text/plain") {
val sharedText = intent.getStringExtra(Intent.EXTRA_TEXT) val sharedText = intent.getStringExtra(Intent.EXTRA_TEXT)
Log.d(TAG_INTENT, "text/plain $sharedText") // Log.d(TAG_INTENT, "text/plain $sharedText")
mToShare = "data:text/plain;base64," + Base64.encodeToString(sharedText.toByteArray(), 16).trim() mToShare = "data:text/plain;base64," + Base64.encodeToString(sharedText.toByteArray(), 16).trim()
} else if (type.startsWith("image/")) { } else if (type.startsWith("image/")) {
val imageUri = intent.getParcelableExtra(Intent.EXTRA_STREAM) as Uri val imageUri = intent.getParcelableExtra(Intent.EXTRA_STREAM) as Uri
Log.d(TAG_INTENT, "image/ $imageUri") // Log.d(TAG_INTENT, "image/ $imageUri")
mToShare = "data:text/plain;base64," + Base64.encodeToString(imageUri.path.toByteArray(), 16).trim() mToShare = "data:text/plain;base64," + Base64.encodeToString(imageUri.path.toByteArray(), 16).trim()
} }
} }
@ -87,13 +87,13 @@ class MainActivity : AppCompatActivity(), AdvancedWebView.Listener {
mAccount = FirefoxAccount(value, "20f7931c9054d833", "https://send.firefox.com/fxa/android-redirect.html") mAccount = FirefoxAccount(value, "20f7931c9054d833", "https://send.firefox.com/fxa/android-redirect.html")
mAccount?.beginOAuthFlow(arrayOf("profile", "https://identity.mozilla.com/apps/send"), true) mAccount?.beginOAuthFlow(arrayOf("profile", "https://identity.mozilla.com/apps/send"), true)
?.then { url -> ?.then { url ->
Log.d(TAG_CONFIG, "GOT A URL $url") // Log.d(TAG_CONFIG, "GOT A URL $url")
this@MainActivity.runOnUiThread { this@MainActivity.runOnUiThread {
webView.loadUrl(url) webView.loadUrl(url)
} }
FxaResult.fromValue(Unit) FxaResult.fromValue(Unit)
} }
Log.d(TAG_CONFIG, "CREATED FIREFOXACCOUNT") // Log.d(TAG_CONFIG, "CREATED FIREFOXACCOUNT")
FxaResult.fromValue(Unit) FxaResult.fromValue(Unit)
} }
} }
@ -172,13 +172,21 @@ class MainActivity : AppCompatActivity(), AdvancedWebView.Listener {
} }
} }
} }
Log.d(TAG_MAIN, "onPageStarted") if (!url.startsWith("file:///android_asset/") && !url.startsWith("https://accounts.firefox.com/")) {
// Don't allow loading anything other than the app in our webview
// It should be possible to do this with shouldOverrideUrlLoading
// but it didn't seem to be working, so this works as a hack.
webView.loadUrl("file:///android_asset/android.html")
Log.d(TAG_MAIN, "BAD URL " + url)
} else {
// Log.d(TAG_MAIN, "onPageStarted " + url)
}
} }
override fun onPageFinished(url: String) { override fun onPageFinished(url: String) {
Log.d(TAG_MAIN, "onPageFinished") // Log.d(TAG_MAIN, "onPageFinished")
if (mToShare != null) { if (mToShare != null) {
Log.d(TAG_INTENT, mToShare) // Log.d(TAG_INTENT, mToShare)
webView.postWebMessage(WebMessage(mToShare), Uri.EMPTY) webView.postWebMessage(WebMessage(mToShare), Uri.EMPTY)
mToShare = null mToShare = null
@ -202,11 +210,11 @@ class MainActivity : AppCompatActivity(), AdvancedWebView.Listener {
contentLength: Long, contentLength: Long,
contentDisposition: String, contentDisposition: String,
userAgent: String) { userAgent: String) {
Log.d(TAG_MAIN, "onDownloadRequested") // Log.d(TAG_MAIN, "onDownloadRequested")
} }
override fun onExternalPageRequest(url: String) { override fun onExternalPageRequest(url: String) {
Log.d(TAG_MAIN, "onExternalPageRequest($url)") // Log.d(TAG_MAIN, "onExternalPageRequest($url)")
} }
companion object { companion object {