Sanitize selector Intent when handling intent: scheme.android-4.4w_r1android-4.4.4_r2.0.1android-4.4.4_r2android-4.4.4_r1.0.1android-4.4.4_r1kitkat-wearkitkat-mr2.2-releasekitkat-mr2.1-release

Android Intents have a selector field which, if present, are used
to search for the Activity to invoke. These must also be sanitized
before handing off to the OS.

BUG:14562482
Change-Id: I30461e11be48ec623ab0f56d0d0f206dc2849c98

1 files changed, 5 insertions, 0 deletions

diff --git a/chromium/java/com/android/webview/chromium/WebViewContentsClientAdapter.java b/chromium/java/com/android/webview/chromium/WebViewContentsClientAdapter.java
index 8749985..3a81c0d 100644
--- a/chromium/java/com/android/webview/chromium/WebViewContentsClientAdapter.java
+++ b/chromium/java/com/android/webview/chromium/WebViewContentsClientAdapter.java
@@ -189,6 +189,11 @@ public class WebViewContentsClientAdapter extends AwContentsClient {
             // security (only access to BROWSABLE activities).
             intent.addCategory(Intent.CATEGORY_BROWSABLE);
             intent.setComponent(null);
+            Intent selector = intent.getSelector();
+            if (selector != null) {
+                selector.addCategory(Intent.CATEGORY_BROWSABLE);
+                selector.setComponent(null);
+            }
             // Pass the package name as application ID so that the intent from the
             // same application can be opened in the same tab.
             intent.putExtra(Browser.EXTRA_APPLICATION_ID,