ClipData: html attribute values should always be escaped

Failure to properly escape HTML attribute values can lead to XSS attacks. Technically, HTML of the form <a href="http://www.google.com/search?x=a&y=b">blah</a> is malformed (but widely accepted). Such links should be written as <a href="http://www.google.com/search?x=a&y=b">blah</a> See: http://www.w3.org/TR/1999/REC-html401-19991224/appendix/notes.html#h-B.2.2 Change-Id: I188ded00b4cac44acb38884d4728c4cf9500f3b6
author: Nick Kralevich <nnk@google.com> 2012-07-27 13:22:20 -0700
committer: Nick Kralevich <nnk@google.com> 2012-07-27 13:27:00 -0700
commit: c92db391379cc19738de8bb5008ed619cb049ebe (patch)
tree: 7bf9e332c1f8dd733ebb89029ad61c195488a616 /core/java/android/content/ClipData.java
parent: 527d14dc3c2fd72f1cdfaaa7e249456778fe93e4 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/core/java/android/content/ClipData.java b/core/java/android/content/ClipData.java
index 186683091817..88f1a3d5b4fd 100644
--- a/core/java/android/content/ClipData.java
+++ b/core/java/android/content/ClipData.java
@@ -563,7 +563,7 @@ public class ClipData implements Parcelable {
         private String uriToHtml(String uri) {
             StringBuilder builder = new StringBuilder(256);
             builder.append("<a href=\"");
-            builder.append(uri);
+            builder.append(Html.escapeHtml(uri));
             builder.append("\">");
             builder.append(Html.escapeHtml(uri));
             builder.append("</a>");
author	Nick Kralevich <nnk@google.com>	2012-07-27 13:22:20 -0700
committer	Nick Kralevich <nnk@google.com>	2012-07-27 13:27:00 -0700
commit	c92db391379cc19738de8bb5008ed619cb049ebe (patch)
tree	7bf9e332c1f8dd733ebb89029ad61c195488a616 /core/java/android/content/ClipData.java
parent	527d14dc3c2fd72f1cdfaaa7e249456778fe93e4 (diff)