diff options
author | Andy Huang <ath@google.com> | 2012-11-20 21:58:48 -0800 |
---|---|---|
committer | Andy Huang <ath@google.com> | 2012-11-20 22:04:11 -0800 |
commit | a88fbbaa07312640b9a337a3e06b7b5e0f60a521 (patch) | |
tree | 13cefe71c221733883bf58df70b239355e1e5140 /tests/src | |
parent | 6424c3fe9d4b02a4b5362416047909085b9e7597 (diff) | |
download | android_packages_apps_UnifiedEmail-a88fbbaa07312640b9a337a3e06b7b5e0f60a521.tar.gz android_packages_apps_UnifiedEmail-a88fbbaa07312640b9a337a3e06b7b5e0f60a521.tar.bz2 android_packages_apps_UnifiedEmail-a88fbbaa07312640b9a337a3e06b7b5e0f60a521.zip |
sanitize user input in Conversation/MessageInfo
Certain strings in a sender's name or message snippet could
cause ConversationInfo/MessageInfo objects to become malformed.
Escape the critical '^' (caret) character to prevent any string
input from appearing like a delimiter.
Bug: 7593796
Change-Id: I70266410c738d366be6ec4d6b00413543a9e22db
Diffstat (limited to 'tests/src')
-rw-r--r-- | tests/src/com/android/mail/browse/SendersFormattingTests.java | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/tests/src/com/android/mail/browse/SendersFormattingTests.java b/tests/src/com/android/mail/browse/SendersFormattingTests.java index 70e77b51b..1fe09a4c1 100644 --- a/tests/src/com/android/mail/browse/SendersFormattingTests.java +++ b/tests/src/com/android/mail/browse/SendersFormattingTests.java @@ -18,6 +18,7 @@ package com.android.mail.browse; import android.test.AndroidTestCase; +import android.test.suitebuilder.annotation.SmallTest; import android.text.SpannableString; import com.android.mail.providers.ConversationInfo; @@ -25,6 +26,7 @@ import com.android.mail.providers.MessageInfo; import com.google.android.common.html.parser.HtmlParser; import com.google.android.common.html.parser.HtmlTreeBuilder; +@SmallTest public class SendersFormattingTests extends AndroidTestCase { private static ConversationInfo createConversationInfo(int count) { @@ -77,4 +79,40 @@ public class SendersFormattingTests extends AndroidTestCase { assertEquals(strings.length, 1); assertEquals(strings[0].toString(), sender); } + + public void testSenderNameBadInput() { + final ConversationInfo conv = createConversationInfo(1); + final MessageInfo msg = new MessageInfo(false, false, "****^****", 0); + conv.addMessage(msg); + + final String serialized = ConversationInfo.toString(conv); + + ConversationInfo conv2 = ConversationInfo.fromString(serialized); + assertEquals(1, conv2.messageInfos.size()); + assertEquals(msg.sender, conv2.messageInfos.get(0).sender); + } + + public void testConversationSnippetsBadInput() { + final String firstSnippet = "*^*"; + final String firstUnreadSnippet = "*^*^*"; + final String lastSnippet = "*^*^*^*"; + + final ConversationInfo conv = new ConversationInfo(42, 49, firstSnippet, firstUnreadSnippet, + lastSnippet); + final MessageInfo msg = new MessageInfo(false, false, "Foo Bar", 0); + conv.addMessage(msg); + + assertEquals(firstSnippet, conv.firstSnippet); + assertEquals(firstUnreadSnippet, conv.firstUnreadSnippet); + assertEquals(lastSnippet, conv.lastSnippet); + + final String serialized = ConversationInfo.toString(conv); + + ConversationInfo conv2 = ConversationInfo.fromString(serialized); + + assertEquals(conv.firstSnippet, conv2.firstSnippet); + assertEquals(conv.firstUnreadSnippet, conv2.firstUnreadSnippet); + assertEquals(conv.lastSnippet, conv2.lastSnippet); + } + } |