Merge branch '911-link-sanitation' into 'master'

Sanitize all HTML before displaying it Closes #911 See merge request !493

Merge branch '911-link-sanitation' into 'master'
1918346a · akwizgran · 2a59515c · 24b531e6 · 1918346a
Commit 1918346a authored 8 years ago by akwizgran
--- a/briar-android/src/main/java/org/briarproject/briar/android/util/UiUtils.java
+++ b/briar-android/src/main/java/org/briarproject/briar/android/util/UiUtils.java
@@ -22,6 +22,7 @@ import org.briarproject.bramble.api.contact.ContactId;
 import org.briarproject.briar.R;
 import org.briarproject.briar.android.view.ArticleMovementMethod;
 import org.briarproject.briar.android.widget.LinkDialogFragment;
+import org.briarproject.briar.util.HtmlUtils;
 import static android.text.format.DateUtils.DAY_IN_MILLIS;
 import static android.text.format.DateUtils.FORMAT_ABBREV_MONTH;
@@ -30,6 +31,7 @@ import static android.text.format.DateUtils.FORMAT_ABBREV_TIME;
 import static android.text.format.DateUtils.FORMAT_SHOW_DATE;
 import static android.text.format.DateUtils.MINUTE_IN_MILLIS;
 import static android.text.format.DateUtils.WEEK_IN_MILLIS;
+import static org.briarproject.briar.util.HtmlUtils.ARTICLE;
 public class UiUtils {
@@ -85,7 +87,7 @@ public class UiUtils {
 	}
 	public static Spanned getSpanned(String s) {
-		return Html.fromHtml(s);
+		return Html.fromHtml(HtmlUtils.clean(s, ARTICLE));
 	}
 	public static void makeLinksClickable(TextView v) {