From 3b6cccdf7a4bd6b187479eccf1feb53f2c5621f5 Mon Sep 17 00:00:00 2001
From: cketti
Date: Mon, 8 Feb 2010 03:23:41 +0000
Subject: [PATCH] Use Reflection to call WebSettings.setBlockNetworkLoads() to prevent info leaks via external resource loading. Fixes issue 1183
---
 src/com/fsck/k9/K9.java | 56 +++++++++++++++++++----
 src/com/fsck/k9/activity/MessageView.java | 2 +
 2 files changed, 49 insertions(+), 9 deletions(-)
diff --git a/src/com/fsck/k9/K9.java b/src/com/fsck/k9/K9.java
index 6aa84c649..88585a87c 100644
--- a/src/com/fsck/k9/K9.java
+++ b/src/com/fsck/k9/K9.java
@@ -9,6 +9,8 @@ import android.content.SharedPreferences;
 import android.content.pm.PackageManager;
 import android.net.Uri;
 import android.util.Log;
+import android.webkit.WebSettings;
+
 import com.fsck.k9.activity.MessageCompose;
 import com.fsck.k9.mail.Address;
 import com.fsck.k9.mail.Message;
@@ -18,7 +20,7 @@ import com.fsck.k9.service.BootReceiver;
 import com.fsck.k9.service.MailService;
 import java.io.File;
-import java.util.UUID;
+import java.lang.reflect.Method;
 public class K9 extends Application
 {
@@ -70,6 +72,14 @@ public class K9 extends Application
 private static boolean mMessageListCheckboxes = false;
 private static boolean mMessageListTouchable = false;
+ /**
+ * We use WebSettings.getBlockNetworkLoads() to prevent the WebView that displays email
+ * bodies from loading external resources over the network. Unfortunately this method
+ * isn't exposed via the official Android API. That's why we use reflection to be able
+ * to call the method.
+ */
+ private static final Method mGetBlockNetworkLoads = getMethod(WebSettings.class, "setBlockNetworkLoads");
+
 /**
 * The MIME type(s) of attachments we're willing to send. At the moment it is not possible
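Review bot: The Javadoc and the field name in this hunk both say `getBlockNetworkLoads`, but the method that is looked up is the setter `setBlockNetworkLoads`, so the comment describes a call this code never makes. I would rename the field to `mSetBlockNetworkLoads` and open the comment with `We use WebSettings.setBlockNetworkLoads() to prevent the WebView ...`. The comment should also state that the field is null when the lookup fails, because `getMethod` in the later K9.java hunk returns null in that case and the block is then not applied.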
@@ -476,12 +486,40 @@ public class K9 extends Application
 {
 mMessageListCheckboxes = checkboxes;
 }
+
+
+ private static Method getMethod(Class classObject, String methodName)
+ {
+ try
+ {
+ Method method = classObject.getMethod(methodName, boolean.class);
+ return method;
+ }
+ catch (NoSuchMethodException e)
+ {
+ Log.i(K9.LOG_TAG, "Can't get method " +
+ classObject.toString() + "." + methodName);
+ }
+ catch (Exception e)
+ {
+ Log.e(K9.LOG_TAG, "Error while using reflection to get method " +
+ classObject.toString() + "." + methodName, e);
+ }
+ return null;
+ }
+
+ public static void setBlockNetworkLoads(WebSettings webSettings, boolean state)
+ {
+ if (mGetBlockNetworkLoads != null)
+ {
+ try
+ {
+ mGetBlockNetworkLoads.invoke(webSettings, state);
+ }
+ catch (Exception e)
+ {
+ Log.e(K9.LOG_TAG, "Error on invoking WebSettings.setBlockNetworkLoads()", e);
+ }
+ }
+ }
 }
-
-
-
-
-
-
-
-
diff --git a/src/com/fsck/k9/activity/MessageView.java b/src/com/fsck/k9/activity/MessageView.java
index d1f9f2e02..08d69daae 100644
--- a/src/com/fsck/k9/activity/MessageView.java
+++ b/src/com/fsck/k9/activity/MessageView.java
@@ -623,6 +623,7 @@ public class MessageView extends K9Activity
 {
 mMessageUid = uid;
 mMessageContentView.getSettings().setBlockNetworkImage(true);
+ K9.setBlockNetworkLoads(mMessageContentView.getSettings(), true);
 mAttachments.removeAllViews();
 findSurroundingMessagesUid();
@@ -1028,6 +1029,7 @@ public class MessageView extends K9Activity
 private void onShowPictures()
 {
+ K9.setBlockNetworkLoads(mMessageContentView.getSettings(), false);
 mMessageContentView.getSettings().setBlockNetworkImage(false);
 mShowPicturesSection.setVisibility(View.GONE);
 }
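Review bot: `setBlockNetworkLoads` fails open: when `mGetBlockNetworkLoads` is null or `invoke` throws, it only logs and returns, so the message body is still rendered with external loads allowed and the caller cannot tell that the protection is missing. Since this is the privacy control the commit is about, I would make the outcome visible with `public static boolean setBlockNetworkLoads(WebSettings webSettings, boolean state)`, `return true;` after the `invoke` call and `return false;` at the end, so that MessageView can choose a fallback when blocking is unavailable; the two call sites added in MessageView.java currently have nothing to check. The missing-method case is logged with `Log.i`, which is easy to overlook for a protection that is switched off; `Log.w` fits better. Separately, `Class classObject` in `getMethod` is a raw type, and `Class<?> classObject` removes the unchecked warning on the `getMethod` call.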
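Review bot: In `onShowPictures` the order of the two calls matters and nothing in the code says so: as far as I know, WebView fetches the images of the displayed message when `setBlockNetworkImage` changes from true to false, and that only works if network loads were unblocked first. A comment such as `// Unblock network loads first; switching setBlockNetworkImage to false is what triggers the image fetch.` would keep a later edit from reordering them. The comment should also say that this call lifts the block for every external resource the message references, not only pictures, apparently until the next message is displayed and the call added in the hunk at line 623 turns blocking on again.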