From 0ff354a4eb35b49ad65676303d41d32898ca423f Mon Sep 17 00:00:00 2001 From: sspanak Date: Mon, 21 Oct 2024 13:32:11 +0300 Subject: [PATCH] for security reasons, clicking the external links in the on the Help screen no longer opens website directly, but instead triggers the share URL dialog --- .../sspanak/tt9/ui/WebViewActivity.java | 13 ++--- .../sspanak/tt9/ui/WebViewSafeClient.java | 52 +++++++++++++++++++ app/src/main/res/values-bg/strings.xml | 1 + app/src/main/res/values-de/strings.xml | 1 + app/src/main/res/values-es/strings.xml | 1 + app/src/main/res/values-fr/strings.xml | 1 + app/src/main/res/values-it/strings.xml | 1 + app/src/main/res/values-iw/strings.xml | 1 + app/src/main/res/values-lt/strings.xml | 1 + app/src/main/res/values-nl/strings.xml | 1 + app/src/main/res/values-pt-rBR/strings.xml | 1 + app/src/main/res/values-ru/strings.xml | 1 + app/src/main/res/values-tr/strings.xml | 1 + app/src/main/res/values-uk/strings.xml | 1 + app/src/main/res/values/strings.xml | 2 + 15 files changed, 73 insertions(+), 6 deletions(-) create mode 100644 app/src/main/java/io/github/sspanak/tt9/ui/WebViewSafeClient.java diff --git a/app/src/main/java/io/github/sspanak/tt9/ui/WebViewActivity.java b/app/src/main/java/io/github/sspanak/tt9/ui/WebViewActivity.java index c207b6b4..af90034b 100644 --- a/app/src/main/java/io/github/sspanak/tt9/ui/WebViewActivity.java +++ b/app/src/main/java/io/github/sspanak/tt9/ui/WebViewActivity.java @@ -10,7 +10,7 @@ import androidx.annotation.Nullable; import androidx.appcompat.app.ActionBar; abstract public class WebViewActivity extends EdgeToEdgeActivity implements View.OnAttachStateChangeListener { - private WebView container; + private WebView webView; @Override protected void onCreate(@Nullable Bundle savedInstanceState) { @@ -28,7 +28,7 @@ abstract public class WebViewActivity extends EdgeToEdgeActivity implements View @Override protected void onDestroy() { - container.removeOnAttachStateChangeListener(this); + webView.removeOnAttachStateChangeListener(this); super.onDestroy(); } @@ -52,8 +52,9 @@ abstract public class WebViewActivity extends EdgeToEdgeActivity implements View } private void setContent() { - container = new WebView(this); - container.addOnAttachStateChangeListener(this); + webView = new WebView(this); + webView.addOnAttachStateChangeListener(this); + webView.setWebViewClient(new WebViewSafeClient(this)); // On API > 30 the WebView does not load the entire String with .loadData(), // so we need to do this weird shit. @@ -61,9 +62,9 @@ abstract public class WebViewActivity extends EdgeToEdgeActivity implements View // Reference: https://developer.android.com/develop/ui/views/layout/webapps/webview String text = getText(); String encodedHtml = "app:" + Base64.encodeToString(text.getBytes(), Base64.NO_PADDING); - container.loadDataWithBaseURL(encodedHtml, text, getMimeType(), "UTF-8", null); + webView.loadDataWithBaseURL(encodedHtml, text, getMimeType(), "UTF-8", null); - setContentView(container); + setContentView(webView); } abstract protected String getText(); diff --git a/app/src/main/java/io/github/sspanak/tt9/ui/WebViewSafeClient.java b/app/src/main/java/io/github/sspanak/tt9/ui/WebViewSafeClient.java new file mode 100644 index 00000000..8bf4c350 --- /dev/null +++ b/app/src/main/java/io/github/sspanak/tt9/ui/WebViewSafeClient.java @@ -0,0 +1,52 @@ +package io.github.sspanak.tt9.ui; + +import android.app.Activity; +import android.content.Intent; +import android.os.Build; +import android.webkit.WebView; +import android.webkit.WebViewClient; + +import androidx.annotation.NonNull; + +import io.github.sspanak.tt9.R; +import io.github.sspanak.tt9.util.Clipboard; +import io.github.sspanak.tt9.util.Logger; + +public class WebViewSafeClient extends WebViewClient { + private final Activity activity; + + public WebViewSafeClient(@NonNull Activity activity) { + super(); + this.activity = activity; + } + + @Override + public boolean shouldOverrideUrlLoading(WebView view, String url) { + if (!url.startsWith("http")) { + return super.shouldOverrideUrlLoading(view, url); + } + + if (Build.VERSION.SDK_INT < Build.VERSION_CODES.Q || !shareLink(url)) { + Clipboard.copy(activity, url); + if (Build.VERSION.SDK_INT <= Build.VERSION_CODES.S_V2) { + UI.toastShortSingle(activity, R.string.help_url_copied); + } + } + + return true; + } + + private boolean shareLink(String url) { + Intent intent = new Intent(Intent.ACTION_SEND); + intent.setType("text/plain"); + intent.putExtra(Intent.EXTRA_TEXT, url); + + try { + activity.startActivity(Intent.createChooser(intent, "Share URL")); + return true; + } catch (Exception e) { + Logger.d(getClass().getSimpleName(), "Failed sharing URL: '" + url + "'. " + e.getMessage()); + return false; + } + } +} diff --git a/app/src/main/res/values-bg/strings.xml b/app/src/main/res/values-bg/strings.xml index 5adc1aac..ef001670 100644 --- a/app/src/main/res/values-bg/strings.xml +++ b/app/src/main/res/values-bg/strings.xml @@ -169,6 +169,7 @@ Импортиране на думи от по-рано експортирано CSV. Импортиране на CSV (%1$s)… Импортиране на CSV… + Връзката е копирана. (зареден) Избор на езици Търси езици diff --git a/app/src/main/res/values-de/strings.xml b/app/src/main/res/values-de/strings.xml index 54d71ecf..a3e8e549 100644 --- a/app/src/main/res/values-de/strings.xml +++ b/app/src/main/res/values-de/strings.xml @@ -157,6 +157,7 @@ Wörter aus einer zuvor exportierten CSV-Datei importieren. CSV importieren (%1$s)… CSV importieren… + Der Link ist kopiert. (geladen) Sprachen aktivieren Nach Sprachen suchen diff --git a/app/src/main/res/values-es/strings.xml b/app/src/main/res/values-es/strings.xml index c0d79882..24fdb0ac 100644 --- a/app/src/main/res/values-es/strings.xml +++ b/app/src/main/res/values-es/strings.xml @@ -167,6 +167,7 @@ Importar palabras de un CSV previamente exportado. Importando CSV (%1$s)… Importando CSV… + El enlace ha sido copiado. (cargado) Habilitar idiomas Buscar idiomas diff --git a/app/src/main/res/values-fr/strings.xml b/app/src/main/res/values-fr/strings.xml index dbefa1a3..d6a58629 100644 --- a/app/src/main/res/values-fr/strings.xml +++ b/app/src/main/res/values-fr/strings.xml @@ -165,6 +165,7 @@ Importer des mots à partir d\'un fichier CSV précédemment exporté. Importation de CSV (%1$s)… Importation de CSV… + Le lien est copié. (chargée) Activer les langues Rechercher des langues diff --git a/app/src/main/res/values-it/strings.xml b/app/src/main/res/values-it/strings.xml index 1f2c93aa..2f96b66f 100644 --- a/app/src/main/res/values-it/strings.xml +++ b/app/src/main/res/values-it/strings.xml @@ -157,6 +157,7 @@ Importare parole da un CSV precedentemente esportato. Importazione CSV (%1$s)… Importazione CSV… + Il link è copiato. (caricata) Abilita lingue Cerca lingue diff --git a/app/src/main/res/values-iw/strings.xml b/app/src/main/res/values-iw/strings.xml index 320f5ac2..d5e9bea9 100644 --- a/app/src/main/res/values-iw/strings.xml +++ b/app/src/main/res/values-iw/strings.xml @@ -170,6 +170,7 @@ ייבוא מילים מקובץ CSV שיוצא קודם לכן. מייבא CSV (%1$s)… מייבא CSV… + הקישור הועתק. (נטען) הפעל שפות חיפוש שפות diff --git a/app/src/main/res/values-lt/strings.xml b/app/src/main/res/values-lt/strings.xml index d06feac5..9b84a1b3 100644 --- a/app/src/main/res/values-lt/strings.xml +++ b/app/src/main/res/values-lt/strings.xml @@ -176,6 +176,7 @@ Importuoti žodžius iš anksčiau eksportuoto CSV. Importuojamas CSV (%1$s)… Importuojamas CSV… + Nuoroda nukopijuota. (įkelta) Įjungti kalbas Ieškoti kalbų diff --git a/app/src/main/res/values-nl/strings.xml b/app/src/main/res/values-nl/strings.xml index e692e18c..0c242faa 100644 --- a/app/src/main/res/values-nl/strings.xml +++ b/app/src/main/res/values-nl/strings.xml @@ -156,6 +156,7 @@ Woorden importeren uit een eerder geëxporteerde CSV. CSV importeren (%1$s)… CSV importeren… + Link is gekopieerd. (geladen) Talen inschakelen Zoeken naar talen diff --git a/app/src/main/res/values-pt-rBR/strings.xml b/app/src/main/res/values-pt-rBR/strings.xml index 7d833e66..475b1b15 100644 --- a/app/src/main/res/values-pt-rBR/strings.xml +++ b/app/src/main/res/values-pt-rBR/strings.xml @@ -170,6 +170,7 @@ Importar palavras de um CSV previamente exportado. Importando CSV (%1$s)… Importando CSV… + O link foi copiado. (carregado) Habilitar idiomas Buscar por idiomas diff --git a/app/src/main/res/values-ru/strings.xml b/app/src/main/res/values-ru/strings.xml index 4e6813af..9ef2a104 100644 --- a/app/src/main/res/values-ru/strings.xml +++ b/app/src/main/res/values-ru/strings.xml @@ -167,6 +167,7 @@ Импортировать слова из ранее экспортированного CSV. Импортирование CSV (%1$s)… Импортирование CSV… + Ссылка скопирована. (загружен) Включить языки Поиск языков diff --git a/app/src/main/res/values-tr/strings.xml b/app/src/main/res/values-tr/strings.xml index e7351021..062a680a 100644 --- a/app/src/main/res/values-tr/strings.xml +++ b/app/src/main/res/values-tr/strings.xml @@ -170,6 +170,7 @@ Daha önce dışa aktarılan bir CSV\'den kelimeleri içe aktar. CSV İçe aktarılıyor (%1$s)… CSV İçe aktarılıyor… + Bağlantı kopyalandı. (yüklendi) Dilleri etkinleştir Diller için arama diff --git a/app/src/main/res/values-uk/strings.xml b/app/src/main/res/values-uk/strings.xml index 3469aee4..fdc254a7 100644 --- a/app/src/main/res/values-uk/strings.xml +++ b/app/src/main/res/values-uk/strings.xml @@ -178,6 +178,7 @@ Імпортувати слова з раніше експортованого CSV. Імпорт CSV (%1$s)… Імпорт CSV… + Посилання скопійовано. (завантажено) Увімкнути мови Пошук мов diff --git a/app/src/main/res/values/strings.xml b/app/src/main/res/values/strings.xml index 74a22ca5..5cb56310 100644 --- a/app/src/main/res/values/strings.xml +++ b/app/src/main/res/values/strings.xml @@ -160,6 +160,8 @@ Restore Default Keys Default key settings restored. + URL copied. + (loaded) Enable Languages Search for Languages