From agri...@apache.org
Subject [5/8] git commit: Validate that callbackId is correctly formed
Date Fri, 28 Feb 2014 21:36:04 GMT
Validate that callbackId is correctly formed


Project: http://git-wip-us.apache.org/repos/asf/cordova-plugin-inappbrowser/repo
Commit: http://git-wip-us.apache.org/repos/asf/cordova-plugin-inappbrowser/commit/26702cb0
Tree: http://git-wip-us.apache.org/repos/asf/cordova-plugin-inappbrowser/tree/26702cb0
Diff: http://git-wip-us.apache.org/repos/asf/cordova-plugin-inappbrowser/diff/26702cb0

Branch: refs/heads/master
Commit: 26702cb0720c5c394b407c23570136c53171fa55
Parents: 39e64c9
Author: Ian Clelland <iclelland@chromium.org>
Authored: Wed Feb 19 00:26:19 2014 -0500
Committer: Ian Clelland <iclelland@chromium.org>
Committed: Wed Feb 19 00:26:19 2014 -0500

----------------------------------------------------------------------
 src/ios/CDVInAppBrowser.h |  1 +
 src/ios/CDVInAppBrowser.m | 20 +++++++++++++++++++-
 2 files changed, 20 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cordova-plugin-inappbrowser/blob/26702cb0/src/ios/CDVInAppBrowser.h
----------------------------------------------------------------------
diff --git a/src/ios/CDVInAppBrowser.h b/src/ios/CDVInAppBrowser.h
index 581bcd0..8e2ab12 100644
--- a/src/ios/CDVInAppBrowser.h
+++ b/src/ios/CDVInAppBrowser.h
@@ -30,6 +30,7 @@
 
 @property (nonatomic, retain) CDVInAppBrowserViewController* inAppBrowserViewController;
 @property (nonatomic, copy) NSString* callbackId;
+@property (nonatomic, copy) NSRegularExpression *callbackIdPattern;
 
 - (void)open:(CDVInvokedUrlCommand*)command;
 - (void)close:(CDVInvokedUrlCommand*)command;
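Review bot: `callbackIdPattern` is added to the public header as a readwrite property, so any code that holds the plugin instance can replace the pattern that `isValidCallbackId:` in CDVInAppBrowser.m relies on for its check. It is only a lazily built cache, so it would sit better in a class extension in the `.m` file, out of the public interface. Wherever it lives, a one-line comment would help, for example `// Cached pattern used to validate callback ids arriving over the InAppBrowser bridge.`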

http://git-wip-us.apache.org/repos/asf/cordova-plugin-inappbrowser/blob/26702cb0/src/ios/CDVInAppBrowser.m
----------------------------------------------------------------------
diff --git a/src/ios/CDVInAppBrowser.m b/src/ios/CDVInAppBrowser.m
index 213cb73..88b737c 100644
--- a/src/ios/CDVInAppBrowser.m
+++ b/src/ios/CDVInAppBrowser.m
@@ -47,6 +47,7 @@
     self = [super initWithWebView:theWebView];
     if (self != nil) {
         _previousStatusBarStyle = -1;
+        _callbackIdPattern = nil;
     }
 
     return self;
@@ -297,6 +298,23 @@
     [self injectDeferredObject:[command argumentAtIndex:0] withWrapper:jsWrapper];
 }
 
+- (BOOL)isValidCallbackId:(NSString *)callbackId
+{
+    NSError *err = nil;
+    // Initialize on first use
+    if (self.callbackIdPattern == nil) {
+        self.callbackIdPattern = [NSRegularExpression regularExpressionWithPattern:@"^InAppBrowser[0-9]{1,10}$"
options:0 error:&err];
+        if (err != nil) {
+            // Couldn't initialize Regex; No is safer than Yes.
+            return NO;
+        }
+    }
+    if ([self.callbackIdPattern firstMatchInString:callbackId options:0 range:NSMakeRange(0,
[callbackId length])]) {
+        return YES;
+    }
+    return NO;
+}
+
 /**
  * The iframe bridge provided for the InAppBrowser is capable of executing any oustanding
callback belonging
  * to the InAppBrowser plugin. Care has been taken that other callbacks cannot be triggered,
and that no
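Review bot: `isValidCallbackId:` passes `callbackId` straight to `firstMatchInString:options:range:`, and at the call site in the last hunk that value is `[url host]`, which is nil for a URL with no host. The old `hasPrefix:` test quietly returned NO for nil, whereas NSRegularExpression, as far as I know, raises on a nil string, so a guard such as `if (callbackId == nil) { return NO; }` at the top of the method would keep the check fail-closed. The pattern's `$` also matches just before a trailing line terminator in ICU regular expressions, so ending the pattern with `\\z` (or requiring the match range to cover the whole string) makes the anchoring strict. It would be more conventional to test the result of `regularExpressionWithPattern:options:error:` for nil rather than `err != nil`. The doc comment after the method continues outside the hunk.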
@@ -323,7 +341,7 @@
         NSString* scriptCallbackId = [url host];
         CDVPluginResult* pluginResult = nil;
 
-        if ([scriptCallbackId hasPrefix:@"InAppBrowser"]) {
+        if ([self isValidCallbackId:scriptCallbackId]) {
             NSString* scriptResult = [url path];
             NSError* __autoreleasing error = nil;
 

