Sanitize VPN label to prevent HTML injection
This commit will try to sanitize the content of VpnDialog. This commit creates a function which will try to sanitize the VPN label, if the sanitized VPN label is different from the original one, which means the VPN label might contain HTML tag or the VPN label violates the words restriction(may contain some wording which will mislead the user). For this kind of case, show the package name instead of the VPN label to prevent misleading the user. The malicious VPN app might be able to add a large number of line breaks with HTML in order to hide the system-displayed text from the user in the connection request dialog. Thus, sanitizing the content of the dialog is needed. Bug: 204554636 Test: N/A Change-Id: I8eb890fd2e5797d8d6ab5b12f9c628bc9616081d Merged-In: I8eb890fd2e5797d8d6ab5b12f9c628bc9616081d
Loading
Please register or sign in to comment