mirror of
https://github.com/moparisthebest/k-9
synced 2024-11-27 19:52:17 -05:00
Use Reflection to call WebSettings.setBlockNetworkLoads() to prevent info leaks via external resource loading.
Fixes issue 1183
This commit is contained in:
parent
58f3005a28
commit
3b6cccdf7a
@ -9,6 +9,8 @@ import android.content.SharedPreferences;
|
|||||||
import android.content.pm.PackageManager;
|
import android.content.pm.PackageManager;
|
||||||
import android.net.Uri;
|
import android.net.Uri;
|
||||||
import android.util.Log;
|
import android.util.Log;
|
||||||
|
import android.webkit.WebSettings;
|
||||||
|
|
||||||
import com.fsck.k9.activity.MessageCompose;
|
import com.fsck.k9.activity.MessageCompose;
|
||||||
import com.fsck.k9.mail.Address;
|
import com.fsck.k9.mail.Address;
|
||||||
import com.fsck.k9.mail.Message;
|
import com.fsck.k9.mail.Message;
|
||||||
@ -18,7 +20,7 @@ import com.fsck.k9.service.BootReceiver;
|
|||||||
import com.fsck.k9.service.MailService;
|
import com.fsck.k9.service.MailService;
|
||||||
|
|
||||||
import java.io.File;
|
import java.io.File;
|
||||||
import java.util.UUID;
|
import java.lang.reflect.Method;
|
||||||
|
|
||||||
public class K9 extends Application
|
public class K9 extends Application
|
||||||
{
|
{
|
||||||
@ -70,6 +72,14 @@ public class K9 extends Application
|
|||||||
private static boolean mMessageListCheckboxes = false;
|
private static boolean mMessageListCheckboxes = false;
|
||||||
private static boolean mMessageListTouchable = false;
|
private static boolean mMessageListTouchable = false;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* We use WebSettings.getBlockNetworkLoads() to prevent the WebView that displays email
|
||||||
|
* bodies from loading external resources over the network. Unfortunately this method
|
||||||
|
* isn't exposed via the official Android API. That's why we use reflection to be able
|
||||||
|
* to call the method.
|
||||||
|
*/
|
||||||
|
private static final Method mGetBlockNetworkLoads = getMethod(WebSettings.class, "setBlockNetworkLoads");
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The MIME type(s) of attachments we're willing to send. At the moment it is not possible
|
* The MIME type(s) of attachments we're willing to send. At the moment it is not possible
|
||||||
@ -476,12 +486,40 @@ public class K9 extends Application
|
|||||||
{
|
{
|
||||||
mMessageListCheckboxes = checkboxes;
|
mMessageListCheckboxes = checkboxes;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
private static Method getMethod(Class classObject, String methodName)
|
||||||
|
{
|
||||||
|
try
|
||||||
|
{
|
||||||
|
Method method = classObject.getMethod(methodName, boolean.class);
|
||||||
|
return method;
|
||||||
|
}
|
||||||
|
catch (NoSuchMethodException e)
|
||||||
|
{
|
||||||
|
Log.i(K9.LOG_TAG, "Can't get method " +
|
||||||
|
classObject.toString() + "." + methodName);
|
||||||
|
}
|
||||||
|
catch (Exception e)
|
||||||
|
{
|
||||||
|
Log.e(K9.LOG_TAG, "Error while using reflection to get method " +
|
||||||
|
classObject.toString() + "." + methodName, e);
|
||||||
|
}
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
public static void setBlockNetworkLoads(WebSettings webSettings, boolean state)
|
||||||
|
{
|
||||||
|
if (mGetBlockNetworkLoads != null)
|
||||||
|
{
|
||||||
|
try
|
||||||
|
{
|
||||||
|
mGetBlockNetworkLoads.invoke(webSettings, state);
|
||||||
|
}
|
||||||
|
catch (Exception e)
|
||||||
|
{
|
||||||
|
Log.e(K9.LOG_TAG, "Error on invoking WebSettings.setBlockNetworkLoads()", e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -623,6 +623,7 @@ public class MessageView extends K9Activity
|
|||||||
{
|
{
|
||||||
mMessageUid = uid;
|
mMessageUid = uid;
|
||||||
mMessageContentView.getSettings().setBlockNetworkImage(true);
|
mMessageContentView.getSettings().setBlockNetworkImage(true);
|
||||||
|
K9.setBlockNetworkLoads(mMessageContentView.getSettings(), true);
|
||||||
|
|
||||||
mAttachments.removeAllViews();
|
mAttachments.removeAllViews();
|
||||||
findSurroundingMessagesUid();
|
findSurroundingMessagesUid();
|
||||||
@ -1028,6 +1029,7 @@ public class MessageView extends K9Activity
|
|||||||
|
|
||||||
private void onShowPictures()
|
private void onShowPictures()
|
||||||
{
|
{
|
||||||
|
K9.setBlockNetworkLoads(mMessageContentView.getSettings(), false);
|
||||||
mMessageContentView.getSettings().setBlockNetworkImage(false);
|
mMessageContentView.getSettings().setBlockNetworkImage(false);
|
||||||
mShowPicturesSection.setVisibility(View.GONE);
|
mShowPicturesSection.setVisibility(View.GONE);
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user