Block loading of remote favicons when loading a message
This prevents a vulnerability where a malicious actor could craft a message which would cause a leak of personal information (such as IP address, browser info and OS) upon opening. MAILAND-3104
This commit is contained in:
parent
5bf09eaabf
commit
ecdc3c1551
|
@ -252,9 +252,6 @@ open class PmWebViewClient(
|
|||
if (uri.scheme.equals("cid", ignoreCase = true) || uri.scheme.equals("data", ignoreCase = true)) {
|
||||
return super.shouldInterceptRequest(view, url)
|
||||
}
|
||||
if (url.lowercase(Locale.getDefault()).contains("/favicon.ico")) {
|
||||
return super.shouldInterceptRequest(view, url)
|
||||
}
|
||||
blockedImages++
|
||||
return WebResourceResponse("text/plain", "utf-8", ByteArrayInputStream(ByteArray(0)))
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue