Merge "Fix WebView vulnerability by disallowing file access" am: 57c1da45bf

Change-Id: Id48f93c7d9083972b3a6a2b0ff073072a5987b23
2020-04-28 16:18:44 +00:00
parent 05d1d93f2c 57c1da45bf
commit e422c51bd3
1 changed files with 1 additions and 0 deletions
--- a/packages/CarrierDefaultApp/src/com/android/carrierdefaultapp/CaptivePortalLoginActivity.java
+++ b/packages/CarrierDefaultApp/src/com/android/carrierdefaultapp/CaptivePortalLoginActivity.java
@@ -106,6 +106,7 @@ public class CaptivePortalLoginActivity extends Activity {
        webSettings.setSupportZoom(true);
        webSettings.setBuiltInZoomControls(true);
        webSettings.setDomStorageEnabled(true);
+        webSettings.setAllowFileAccess(false);
        mWebViewClient = new MyWebViewClient();
        mWebView.setWebViewClient(mWebViewClient);
        mWebView.setWebChromeClient(new MyWebChromeClient());