moparisthebest/k-9
1
0
Fork 0
mirror of https://github.com/moparisthebest/k-9 synced 2024-11-24 02:12:15 -05:00
Code Issues Releases Wiki Activity

Use Reflection to call WebSettings.setBlockNetworkLoads() to prevent info leaks via external resource loading.

Browse Source 
Fixes issue 1183
This commit is contained in:
cketti 2010-02-08 03:23:41 +00:00
parent 58f3005a28
commit 3b6cccdf7a
2 changed files with 49 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
src/com/fsck/k9/K9.java
View File

@ -9,6 +9,8 @@ import android.content.SharedPreferences;
import android.content.pm.PackageManager; import android.content.pm.PackageManager;
import android.net.Uri; import android.net.Uri;
import android.util.Log; import android.util.Log;
import android.webkit.WebSettings;
import com.fsck.k9.activity.MessageCompose; import com.fsck.k9.activity.MessageCompose;
import com.fsck.k9.mail.Address; import com.fsck.k9.mail.Address;
import com.fsck.k9.mail.Message; import com.fsck.k9.mail.Message;
@ -18,7 +20,7 @@ import com.fsck.k9.service.BootReceiver;
import com.fsck.k9.service.MailService; import com.fsck.k9.service.MailService;
import java.io.File; import java.io.File;
import java.util.UUID; import java.lang.reflect.Method;
public class K9 extends Application public class K9 extends Application
{ {
@ -70,6 +72,14 @@ public class K9 extends Application
private static boolean mMessageListCheckboxes = false; private static boolean mMessageListCheckboxes = false;
private static boolean mMessageListTouchable = false; private static boolean mMessageListTouchable = false;
/**
* We use WebSettings.getBlockNetworkLoads() to prevent the WebView that displays email
* bodies from loading external resources over the network. Unfortunately this method
* isn't exposed via the official Android API. That's why we use reflection to be able
* to call the method.
*/
private static final Method mGetBlockNetworkLoads = getMethod(WebSettings.class, "setBlockNetworkLoads");
/** /**
* The MIME type(s) of attachments we're willing to send. At the moment it is not possible * The MIME type(s) of attachments we're willing to send. At the moment it is not possible
@ -476,12 +486,40 @@ public class K9 extends Application
{ {
mMessageListCheckboxes = checkboxes; mMessageListCheckboxes = checkboxes;
} }
private static Method getMethod(Class classObject, String methodName)
{
try
{
Method method = classObject.getMethod(methodName, boolean.class);
return method;
}
catch (NoSuchMethodException e)
{
Log.i(K9.LOG_TAG, "Can't get method " +
classObject.toString() + "." + methodName);
}
catch (Exception e)
{
Log.e(K9.LOG_TAG, "Error while using reflection to get method " +
classObject.toString() + "." + methodName, e);
}
return null;
}
public static void setBlockNetworkLoads(WebSettings webSettings, boolean state)
{
if (mGetBlockNetworkLoads != null)
{
try
{
mGetBlockNetworkLoads.invoke(webSettings, state);
}
catch (Exception e)
{
Log.e(K9.LOG_TAG, "Error on invoking WebSettings.setBlockNetworkLoads()", e);
}
}
}
} }

2
src/com/fsck/k9/activity/MessageView.java
View File

@ -623,6 +623,7 @@ public class MessageView extends K9Activity
{ {
mMessageUid = uid; mMessageUid = uid;
mMessageContentView.getSettings().setBlockNetworkImage(true); mMessageContentView.getSettings().setBlockNetworkImage(true);
K9.setBlockNetworkLoads(mMessageContentView.getSettings(), true);
mAttachments.removeAllViews(); mAttachments.removeAllViews();
findSurroundingMessagesUid(); findSurroundingMessagesUid();
@ -1028,6 +1029,7 @@ public class MessageView extends K9Activity
private void onShowPictures() private void onShowPictures()
{ {
K9.setBlockNetworkLoads(mMessageContentView.getSettings(), false);
mMessageContentView.getSettings().setBlockNetworkImage(false); mMessageContentView.getSettings().setBlockNetworkImage(false);
mShowPicturesSection.setVisibility(View.GONE); mShowPicturesSection.setVisibility(View.GONE);
} }