cordova-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bra...@apache.org
Subject android commit: Fixed protocol regex bug. Unknown protocol support Added whitelist support for unknown protocols
Date Tue, 26 Mar 2013 16:29:23 GMT
Updated Branches:
  refs/heads/master 73c7994cd -> f4859444d


Fixed protocol regex bug. Unknown protocol support Added whitelist support for unknown protocols


Project: http://git-wip-us.apache.org/repos/asf/cordova-android/repo
Commit: http://git-wip-us.apache.org/repos/asf/cordova-android/commit/f4859444
Tree: http://git-wip-us.apache.org/repos/asf/cordova-android/tree/f4859444
Diff: http://git-wip-us.apache.org/repos/asf/cordova-android/diff/f4859444

Branch: refs/heads/master
Commit: f4859444ddca5a94a1bcb8d7fcfef6faedc476d2
Parents: 73c7994
Author: Shravan Narayan <shravanrn@dhcp-172-23-180-146.wat.corp.google.com>
Authored: Tue Mar 26 00:10:26 2013 -0400
Committer: Shravan Narayan <shravanrn@dhcp-172-23-180-146.wat.corp.google.com>
Committed: Tue Mar 26 00:20:11 2013 -0400

----------------------------------------------------------------------
 framework/src/org/apache/cordova/Config.java |   24 ++++++++++++++++----
 1 files changed, 19 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cordova-android/blob/f4859444/framework/src/org/apache/cordova/Config.java
----------------------------------------------------------------------
diff --git a/framework/src/org/apache/cordova/Config.java b/framework/src/org/apache/cordova/Config.java
index f5de38d..594c2b2 100644
--- a/framework/src/org/apache/cordova/Config.java
+++ b/framework/src/org/apache/cordova/Config.java
@@ -171,7 +171,7 @@ public class Config {
                     LOG.i("CordovaLog", "Found start page location: %s", src);
 
                     if (src != null) {
-                        Pattern schemeRegex = Pattern.compile("^[a-z]+://");
+                        Pattern schemeRegex = Pattern.compile("^[a-z-]+://");
                         Matcher matcher = schemeRegex.matcher(src);
                         if (matcher.find()) {
                             startUrl = src;
@@ -220,19 +220,33 @@ public class Config {
             } else { // specific access
                 // check if subdomains should be included
                 // TODO: we should not add more domains if * has already been added
+                Pattern schemeRegex = Pattern.compile("^[a-z-]+://");
+                Matcher matcher = schemeRegex.matcher(origin);
                 if (subdomains) {
-                    // XXX making it stupid friendly for people who forget to include protocol/SSL
+                    // Check for http or https protocols
                     if (origin.startsWith("http")) {
                         this.whiteList.add(Pattern.compile(origin.replaceFirst("https?://",
"^https?://(.*\\.)?")));
-                    } else {
+                    }
+                    // Check for other protocols
+                    else if(matcher.find()){
+                        this.whiteList.add(Pattern.compile("^" + origin.replaceFirst("//",
"//(.*\\.)?")));
+                    }
+                    // XXX making it stupid friendly for people who forget to include protocol/SSL
+                    else {
                         this.whiteList.add(Pattern.compile("^https?://(.*\\.)?" + origin));
                     }
                     LOG.d(TAG, "Origin to allow with subdomains: %s", origin);
                 } else {
-                    // XXX making it stupid friendly for people who forget to include protocol/SSL
+                    // Check for http or https protocols
                     if (origin.startsWith("http")) {
                         this.whiteList.add(Pattern.compile(origin.replaceFirst("https?://",
"^https?://")));
-                    } else {
+                    }
+                    // Check for other protocols
+                    else if(matcher.find()){
+                        this.whiteList.add(Pattern.compile("^" + origin));
+                    }
+                    // XXX making it stupid friendly for people who forget to include protocol/SSL
+                    else {
                         this.whiteList.add(Pattern.compile("^https?://" + origin));
                     }
                     LOG.d(TAG, "Origin to allow: %s", origin);


Mime
View raw message