From ecdc3c1551c347249f5388ce1dd62fae022102e2 Mon Sep 17 00:00:00 2001
From: Marino Meneghel
Date: Thu, 28 Sep 2023 15:47:44 +0200
Subject: [PATCH] Block loading of remote favicons when loading a message

This prevents a vulnerability where a malicious actor could craft a message which would cause a leak of personal information (such as IP address, browser info and OS) upon opening.
MAILAND-3104
---
 .../main/java/ch/protonmail/android/views/PmWebViewClient.kt | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/app/src/main/java/ch/protonmail/android/views/PmWebViewClient.kt b/app/src/main/java/ch/protonmail/android/views/PmWebViewClient.kt
index db4da7183..86335358f 100644
--- a/app/src/main/java/ch/protonmail/android/views/PmWebViewClient.kt
+++ b/app/src/main/java/ch/protonmail/android/views/PmWebViewClient.kt
@@ -252,9 +252,6 @@ open class PmWebViewClient(
 if (uri.scheme.equals("cid", ignoreCase = true) || uri.scheme.equals("data", ignoreCase = true)) {
 return super.shouldInterceptRequest(view, url)
 }
- if (url.lowercase(Locale.getDefault()).contains("/favicon.ico")) {
- return super.shouldInterceptRequest(view, url)
- }
 blockedImages++
 return WebResourceResponse("text/plain", "utf-8", ByteArrayInputStream(ByteArray(0)))
 }