Bug 1168998 - Filter intent:// URIs. r?margaret

mobile/android/base/GeckoAppShell.java

@@ -54,6 +54,7 @@ import org.mozilla.gecko.util.NativeJSObject;
 import org.mozilla.gecko.util.ProxySelector;
 import org.mozilla.gecko.util.ThreadUtils;
 
+import android.annotation.TargetApi;
 import android.app.Activity;
 import android.app.ActivityManager;
 import android.app.PendingIntent;
@@ -1199,6 +1200,13 @@ public class GeckoAppShell
                 return null;
             }
 
+            // Only handle applications which can accept arbitrary data from a browser.
+            intent.addCategory(Intent.CATEGORY_BROWSABLE);
+
+            // Prevent site from explicitly opening our internal activities, which can leak data.
+            intent.setComponent(null);
+            nullIntentSelector(intent);
+
             // We only handle explicit Intents at the moment (see bug 851693 comment 20).
             if (intent.getPackage() == null) {
                 return null;
@@ -1281,6 +1289,16 @@ public class GeckoAppShell
         return intent;
     }
 
+    // We create a separate method to better encapsulate the @TargetApi use.
+    @TargetApi(15)
+    private static void nullIntentSelector(final Intent intent) {
+        if (!Versions.feature15Plus) {
+            return;
+        }
+
+        intent.setSelector(null);
+    }
+
     /**
      * Input: vnd:youtube:3MWr19Dp2OU?foo=bar
      * Output: https://www.youtube.com/embed/3MWr19Dp2OU?foo=bar