Merge "Fix WebView vulnerability by disallowing file access"

2020-04-28 16:04:02 +00:00
parent a5dc3dca66 c7387da803
commit 57c1da45bf
1 changed files with 1 additions and 0 deletions
--- a/packages/CarrierDefaultApp/src/com/android/carrierdefaultapp/CaptivePortalLoginActivity.java
+++ b/packages/CarrierDefaultApp/src/com/android/carrierdefaultapp/CaptivePortalLoginActivity.java
@@ -106,6 +106,7 @@ public class CaptivePortalLoginActivity extends Activity {
        webSettings.setSupportZoom(true);
        webSettings.setBuiltInZoomControls(true);
        webSettings.setDomStorageEnabled(true);
+        webSettings.setAllowFileAccess(false);
        mWebViewClient = new MyWebViewClient();
        mWebView.setWebViewClient(mWebViewClient);
        mWebView.setWebChromeClient(new MyWebChromeClient());