Bug 1208956 - Only open http* scheme in intent fallback uris. r=nalexander, a=al
authorMichael Comella <michael.l.comella@gmail.com>
Mon, 05 Oct 2015 17:25:19 -0400
changeset 289580 2bfd512a01af
parent 289579 2c138fbc9513
child 289581 32de6f21dd48
push id5198
push usercbook@mozilla.com
push date2015-10-19 14:25 +0000
treeherdermozilla-beta@2bfd512a01af [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersnalexander, al
bugs1208956
milestone42.0
Bug 1208956 - Only open http* scheme in intent fallback uris. r=nalexander, a=al This follows Chrome's behavior.
mobile/android/base/IntentHelper.java
--- a/mobile/android/base/IntentHelper.java
+++ b/mobile/android/base/IntentHelper.java
@@ -19,20 +19,22 @@ import org.json.JSONObject;
 
 import android.app.Activity;
 import android.content.Intent;
 import android.net.Uri;
 import android.text.TextUtils;
 import android.util.Log;
 
 import java.io.UnsupportedEncodingException;
+import java.net.URI;
 import java.net.URISyntaxException;
 import java.net.URLEncoder;
 import java.util.Arrays;
 import java.util.List;
+import java.util.Locale;
 
 public final class IntentHelper implements GeckoEventListener,
                                            NativeEventListener {
 
     private static final String LOGTAG = "GeckoIntentHelper";
     private static final String[] EVENTS = {
         "Intent:GetHandlers",
         "Intent:Open",
@@ -44,16 +46,18 @@ public final class IntentHelper implemen
         "Intent:OpenNoHandler",
     };
 
     // via http://developer.android.com/distribute/tools/promote/linking.html
     private static String MARKET_INTENT_URI_PACKAGE_PREFIX = "market://details?id=";
     private static String EXTRA_BROWSER_FALLBACK_URL = "browser_fallback_url";
 
     /** A partial URI to an error page - the encoded error URI should be appended before loading. */
+    private static final String GENERIC_URI_PREFIX = "about:neterror?e=generic&u=";
+    private static final String MALFORMED_URI_PREFIX = "about:neterror?e=malformedURI&u=";
     private static String UNKNOWN_PROTOCOL_URI_PREFIX = "about:neterror?e=unknownProtocolFound&u=";
 
     private static IntentHelper instance;
 
     private final Activity activity;
 
     private IntentHelper(Activity activity) {
         this.activity = activity;
@@ -178,17 +182,32 @@ public final class IntentHelper implemen
             callback.sendError(errorUri);
             return;
         }
 
         // For this flow, we follow Chrome's lead:
         //   https://developer.chrome.com/multidevice/android/intents
         if (intent.hasExtra(EXTRA_BROWSER_FALLBACK_URL)) {
             final String fallbackUrl = intent.getStringExtra(EXTRA_BROWSER_FALLBACK_URL);
-            callback.sendError(fallbackUrl);
+            String urlToLoad;
+            try {
+                final String anyCaseScheme = new URI(fallbackUrl).getScheme();
+                final String scheme = (anyCaseScheme == null) ? null : anyCaseScheme.toLowerCase(Locale.US);
+                if ("http".equals(scheme) || "https".equals(scheme)) {
+                    urlToLoad = fallbackUrl;
+                } else {
+                    Log.w(LOGTAG, "Fallback URI uses unsupported scheme: " + scheme);
+                    urlToLoad = GENERIC_URI_PREFIX + fallbackUrl;
+                }
+            } catch (final URISyntaxException e) {
+                // Do not include Exception to avoid leaking uris.
+                Log.w(LOGTAG, "Exception parsing fallback URI");
+                urlToLoad = MALFORMED_URI_PREFIX + fallbackUrl;
+            }
+            callback.sendError(urlToLoad);
 
         } else if (intent.getPackage() != null) {
             // Note on alternative flows: we could get the intent package from a component, however, for
             // security reasons, components are ignored when opening URIs (bug 1168998) so we should
             // ignore it here too.
             //
             // Our old flow used to prompt the user to search for their app in the market by scheme and
             // while this could help the user find a new app, there is not always a correlation in