From 24b531e6b267acf32625a040c8d7214f20a6ce30 Mon Sep 17 00:00:00 2001
From: Torsten Grote <t@grobox.de>
Date: Fri, 24 Mar 2017 16:45:36 -0300
Subject: [PATCH] Sanitize all HTML before displaying it

---
 .../java/org/briarproject/briar/android/util/UiUtils.java     | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/briar-android/src/main/java/org/briarproject/briar/android/util/UiUtils.java b/briar-android/src/main/java/org/briarproject/briar/android/util/UiUtils.java
index 57788d4f1a..7d2e898eb0 100644
--- a/briar-android/src/main/java/org/briarproject/briar/android/util/UiUtils.java
+++ b/briar-android/src/main/java/org/briarproject/briar/android/util/UiUtils.java
@@ -22,6 +22,7 @@ import org.briarproject.bramble.api.contact.ContactId;
 import org.briarproject.briar.R;
 import org.briarproject.briar.android.view.ArticleMovementMethod;
 import org.briarproject.briar.android.widget.LinkDialogFragment;
+import org.briarproject.briar.util.HtmlUtils;
 
 import static android.text.format.DateUtils.DAY_IN_MILLIS;
 import static android.text.format.DateUtils.FORMAT_ABBREV_MONTH;
@@ -30,6 +31,7 @@ import static android.text.format.DateUtils.FORMAT_ABBREV_TIME;
 import static android.text.format.DateUtils.FORMAT_SHOW_DATE;
 import static android.text.format.DateUtils.MINUTE_IN_MILLIS;
 import static android.text.format.DateUtils.WEEK_IN_MILLIS;
+import static org.briarproject.briar.util.HtmlUtils.ARTICLE;
 
 public class UiUtils {
 
@@ -85,7 +87,7 @@ public class UiUtils {
 	}
 
 	public static Spanned getSpanned(String s) {
-		return Html.fromHtml(s);
+		return Html.fromHtml(HtmlUtils.clean(s, ARTICLE));
 	}
 
 	public static void makeLinksClickable(TextView v) {
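Review bot: `getSpanned` becomes the sanitization boundary for rendered HTML in this hunk, but nothing on the method says so. A short Javadoc such as `/** Cleans {@code s} with the ARTICLE rule set before parsing it; markup outside that set is dropped. */` would tell callers that input is treated as untrusted and discourage direct `Html.fromHtml` calls. The commit title promises that all HTML is sanitized, yet only this one call site is visible, so that holds only if every display path goes through `getSpanned`; it is worth confirming no other `Html.fromHtml` call remains in the module. The hunk also does not show how `HtmlUtils.clean` handles a null `s`, so the null contract should be checked and documented in case it differs from the old behaviour. Since `makeLinksClickable` follows and its body is outside the hunk, it is also worth confirming which link schemes the ARTICLE rule set lets through.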
-- 
GitLab