cordova-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bows...@apache.org
Subject [1/4] android commit: Removing addJavascriptInterface support from all Android versions lower than 4.2 due to security vulnerability
Date Fri, 14 Feb 2014 21:53:46 GMT
Repository: cordova-android
Updated Branches:
  refs/heads/3.4.x 6760d0378 -> 9768e7388


Removing addJavascriptInterface support from all Android versions lower than 4.2 due to security
vulnerability


Project: http://git-wip-us.apache.org/repos/asf/cordova-android/repo
Commit: http://git-wip-us.apache.org/repos/asf/cordova-android/commit/8f54290e
Tree: http://git-wip-us.apache.org/repos/asf/cordova-android/tree/8f54290e
Diff: http://git-wip-us.apache.org/repos/asf/cordova-android/diff/8f54290e

Branch: refs/heads/3.4.x
Commit: 8f54290eeccab441504f9e3a913a4fbacd3b89d6
Parents: 6760d03
Author: Joe Bowser <bowserj@apache.org>
Authored: Mon Feb 3 10:11:53 2014 -0800
Committer: Joe Bowser <bowserj@apache.org>
Committed: Thu Feb 6 16:11:55 2014 -0800

----------------------------------------------------------------------
 framework/src/org/apache/cordova/CordovaWebView.java | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cordova-android/blob/8f54290e/framework/src/org/apache/cordova/CordovaWebView.java
----------------------------------------------------------------------
diff --git a/framework/src/org/apache/cordova/CordovaWebView.java b/framework/src/org/apache/cordova/CordovaWebView.java
index fa745b3..c1b0514 100755
--- a/framework/src/org/apache/cordova/CordovaWebView.java
+++ b/framework/src/org/apache/cordova/CordovaWebView.java
@@ -361,18 +361,13 @@ public class CordovaWebView extends WebView {
 
     private void exposeJsInterface() {
         int SDK_INT = Build.VERSION.SDK_INT;
-        boolean isHoneycomb = (SDK_INT >= Build.VERSION_CODES.HONEYCOMB && SDK_INT
<= Build.VERSION_CODES.HONEYCOMB_MR2);
-        if (isHoneycomb || (SDK_INT < Build.VERSION_CODES.GINGERBREAD)) {
+        if ((SDK_INT < Build.VERSION_CODES.JELLY_BEAN_MR1)) {
             Log.i(TAG, "Disabled addJavascriptInterface() bridge since Android version is
old.");
             // Bug being that Java Strings do not get converted to JS strings automatically.
             // This isn't hard to work-around on the JS side, but it's easier to just
             // use the prompt bridge instead.
             return;            
-        } else if (SDK_INT < Build.VERSION_CODES.HONEYCOMB && Build.MANUFACTURER.equals("unknown"))
{
-            // addJavascriptInterface crashes on the 2.3 emulator.
-            Log.i(TAG, "Disabled addJavascriptInterface() bridge callback due to a bug on
the 2.3 emulator");
-            return;
-        }
+        } 
         this.addJavascriptInterface(exposedJsApi, "_cordovaNative");
     }
 


Mime
View raw message