hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 02:13:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
sauyon/java-spring-stringutils
codeql/java/ql/test/experimental/query-tests/security/CWE-749/UnsafeAndroidBroadcastReceiver.java

34 lines
965 B
Java
Raw Permalink Blame History

package com.example.app;
import android.app.Activity;
import android.content.Context;
import android.content.Intent;
import android.content.BroadcastReceiver;
import android.os.Bundle;
import android.webkit.WebSettings;
import android.webkit.WebView;
import android.webkit.WebViewClient;
public class UnsafeAndroidBroadcastReceiver extends BroadcastReceiver {
//Test onCreate with JavaScript enabled but cross-origin resource access disabled while taking remote user inputs
@Override
public void onReceive(Context context, Intent intent) {
String thisUrl = intent.getStringExtra("url");
WebView wv = null;
WebSettings webSettings = wv.getSettings();
webSettings.setJavaScriptEnabled(true);
webSettings.setAllowFileAccessFromFileURLs(true);
wv.setWebViewClient(new WebViewClient() {
@Override
public boolean shouldOverrideUrlLoading(WebView view, String url) {
view.loadUrl(url);
return true;
}
});
wv.loadUrl(thisUrl);
}
}
Reference in New Issue View Git Blame Copy Permalink