ProtonMail
/
proton-mail-android
mirror of https://github.com/ProtonMail/proton-mail-android
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Block loading of remote favicons when loading a message 

This prevents a vulnerability where a malicious actor could craft
a message which would cause a leak of personal information
(such as IP address, browser info and OS) upon opening.

MAILAND-3104
This commit is contained in:
Marino Meneghel 2023-09-28 15:47:44 +02:00
parent 5bf09eaabf
commit ecdc3c1551
1 changed files with 0 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
app/src/main/java/ch/protonmail/android/views/PmWebViewClient.kt
View File

@ -252,9 +252,6 @@ open class PmWebViewClient(
if (uri.scheme.equals("cid", ignoreCase = true) || uri.scheme.equals("data", ignoreCase = true)) {
return super.shouldInterceptRequest(view, url)
}
if (url.lowercase(Locale.getDefault()).contains("/favicon.ico")) {
return super.shouldInterceptRequest(view, url)
}
blockedImages++
return WebResourceResponse("text/plain", "utf-8", ByteArrayInputStream(ByteArray(0)))
}