summaryrefslogtreecommitdiffstats
path: root/src/com/android/settings/bluetooth/BluetoothPairingDialog.java
diff options
context:
space:
mode:
Diffstat (limited to 'src/com/android/settings/bluetooth/BluetoothPairingDialog.java')
-rwxr-xr-xsrc/com/android/settings/bluetooth/BluetoothPairingDialog.java7
1 files changed, 4 insertions, 3 deletions
diff --git a/src/com/android/settings/bluetooth/BluetoothPairingDialog.java b/src/com/android/settings/bluetooth/BluetoothPairingDialog.java
index 9b2a3e898..d6f27efbc 100755
--- a/src/com/android/settings/bluetooth/BluetoothPairingDialog.java
+++ b/src/com/android/settings/bluetooth/BluetoothPairingDialog.java
@@ -207,8 +207,8 @@ public final class BluetoothPairingDialog extends AlertActivity implements
return null;
}
- // Format the message string, then parse HTML style tags
- String messageText = getString(messageId1, deviceName);
+ // HTML escape deviceName, Format the message string, then parse HTML style tags
+ String messageText = getString(messageId1, Html.escapeHtml(deviceName));
messageView.setText(Html.fromHtml(messageText));
messageView2.setText(messageId2);
mPairingView.setInputType(InputType.TYPE_CLASS_NUMBER);
@@ -220,7 +220,8 @@ public final class BluetoothPairingDialog extends AlertActivity implements
private View createView(CachedBluetoothDeviceManager deviceManager) {
View view = getLayoutInflater().inflate(R.layout.bluetooth_pin_confirm, null);
- String name = deviceManager.getName(mDevice);
+ // Escape device name to avoid HTML injection.
+ String name = Html.escapeHtml(deviceManager.getName(mDevice));
TextView messageView = (TextView) view.findViewById(R.id.message);
String messageText; // formatted string containing HTML style tags
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-30 14:29:56 +0000