From d21a49892575669a8f78819b9561b590ad9f61af Mon Sep 17 00:00:00 2001
From: Tom Hacohen <tom@stosb.com>
Date: Fri, 24 Mar 2017 16:09:16 +0000
Subject: [PATCH] Webview: improve whitelist, and include all of the
 "accounts/" subpath.

---
 .../syncadapter/ui/WebViewActivity.java       | 23 ++++++++++++++++---
 1 file changed, 20 insertions(+), 3 deletions(-)

diff --git a/app/src/main/java/com/etesync/syncadapter/ui/WebViewActivity.java b/app/src/main/java/com/etesync/syncadapter/ui/WebViewActivity.java
index 1f7bad21..912224fc 100644
--- a/app/src/main/java/com/etesync/syncadapter/ui/WebViewActivity.java
+++ b/app/src/main/java/com/etesync/syncadapter/ui/WebViewActivity.java
@@ -142,10 +142,27 @@ public class WebViewActivity extends AppCompatActivity {
                 uri1.getPath().equals(uri2.getPath());
     }
 
+    private boolean allowedUris(Uri allowedUris[], Uri uri2) {
+        for (Uri uri : allowedUris) {
+            if (uriEqual(uri, uri2)) {
+                return true;
+            }
+        }
+        return false;
+    }
+
     private boolean shouldOverrideUrl(Uri uri) {
-        if (uriEqual(Constants.faqUri, uri) ||
-                uriEqual(Constants.helpUri, uri) ||
-                uriEqual(Constants.registrationUrl, uri)) {
+        final Uri allowedUris[] = new Uri[]{
+                Constants.faqUri,
+                Constants.helpUri,
+                Constants.registrationUrl,
+        };
+        final Uri accountsUri = Constants.webUri.buildUpon().appendEncodedPath("accounts/").build();
+
+        if (allowedUris(allowedUris, uri) ||
+                (uri.getHost().equals(accountsUri.getHost()) &&
+                        (uri.getPath().startsWith(accountsUri.getPath())))
+                ) {
             if (uri.getQueryParameter(QUERY_KEY_EMBEDDED) != null) {
                 return false;
             } else {