Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / c92db391379cc19738de8bb5008ed619cb049ebe
commitc92db391379cc19738de8bb5008ed619cb049ebe[log] [tgz]
authorNick Kralevich <nnk@google.com>Fri Jul 27 13:22:20 2012 -0700
committerNick Kralevich <nnk@google.com>Fri Jul 27 13:27:00 2012 -0700
tree7bf9e332c1f8dd733ebb89029ad61c195488a616
parent527d14dc3c2fd72f1cdfaaa7e249456778fe93e4 [diff]
ClipData: html attribute values should always be escaped

Failure to properly escape HTML attribute values can lead to
XSS attacks. Technically, HTML of the form

<a href="http://www.google.com/search?x=a&y=b">blah</a>

is malformed (but widely accepted). Such links should be written as

<a href="http://www.google.com/search?x=a&amp;y=b">blah</a>

See: http://www.w3.org/TR/1999/REC-html401-19991224/appendix/notes.html#h-B.2.2

Change-Id: I188ded00b4cac44acb38884d4728c4cf9500f3b6
1 file changed
tree: 7bf9e332c1f8dd733ebb89029ad61c195488a616
  1. api/
  2. cmds/
  3. core/
  4. data/
  5. docs/
  6. drm/
  7. graphics/
  8. icu4j/
  9. include/
  10. keystore/
  11. libs/
  12. location/
  13. media/
  14. native/
  15. nfc-extras/
  16. obex/
  17. opengl/
  18. packages/
  19. policy/
  20. sax/
  21. services/
  22. telephony/
  23. test-runner/
  24. tests/
  25. tools/
  26. voip/
  27. wifi/
  28. Android.mk
  29. CleanSpec.mk
  30. MODULE_LICENSE_APACHE2
  31. NOTICE
  32. preloaded-classes