From: agrieve@apache.org To: commits@cordova.apache.org Date: Fri, 28 Feb 2014 21:36:04 -0000 Message-Id: In-Reply-To: <2c884f94b69541afb08a16469dc20370@git.apache.org> References: <2c884f94b69541afb08a16469dc20370@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [5/8] git commit: Validate that callbackId is correctly formed Validate that callbackId is correctly formed Project: http://git-wip-us.apache.org/repos/asf/cordova-plugin-inappbrowser/repo Commit: http://git-wip-us.apache.org/repos/asf/cordova-plugin-inappbrowser/commit/26702cb0 Tree: http://git-wip-us.apache.org/repos/asf/cordova-plugin-inappbrowser/tree/26702cb0 Diff: http://git-wip-us.apache.org/repos/asf/cordova-plugin-inappbrowser/diff/26702cb0 Branch: refs/heads/master Commit: 26702cb0720c5c394b407c23570136c53171fa55 Parents: 39e64c9 Author: Ian Clelland Authored: Wed Feb 19 00:26:19 2014 -0500 Committer: Ian Clelland Committed: Wed Feb 19 00:26:19 2014 -0500
----------------------------------------------------------------------
src/ios/CDVInAppBrowser.h | 1 + src/ios/CDVInAppBrowser.m | 20 +++++++++++++++++++- 2 files changed, 20 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cordova-plugin-inappbrowser/blob/26702cb0/src/ios/CDVInAppBrowser.h
----------------------------------------------------------------------
diff --git a/src/ios/CDVInAppBrowser.h b/src/ios/CDVInAppBrowser.h
index 581bcd0..8e2ab12 100644
--- a/src/ios/CDVInAppBrowser.h
+++ b/src/ios/CDVInAppBrowser.h
@@ -30,6 +30,7 @@
 @property (nonatomic, retain) CDVInAppBrowserViewController* inAppBrowserViewController;
 @property (nonatomic, copy) NSString* callbackId;
+@property (nonatomic, copy) NSRegularExpression *callbackIdPattern;
 - (void)open:(CDVInvokedUrlCommand*)command;
 - (void)close:(CDVInvokedUrlCommand*)command;
http://git-wip-us.apache.org/repos/asf/cordova-plugin-inappbrowser/blob/26702cb0/src/ios/CDVInAppBrowser.m
----------------------------------------------------------------------
diff --git a/src/ios/CDVInAppBrowser.m b/src/ios/CDVInAppBrowser.m
index 213cb73..88b737c 100644
--- a/src/ios/CDVInAppBrowser.m
+++ b/src/ios/CDVInAppBrowser.m
@@ -47,6 +47,7 @@
 self = [super initWithWebView:theWebView];
 if (self != nil) {
 _previousStatusBarStyle = -1;
+ _callbackIdPattern = nil;
 }
 return self;
@@ -297,6 +298,23 @@
 [self injectDeferredObject:[command argumentAtIndex:0] withWrapper:jsWrapper];
 }
+- (BOOL)isValidCallbackId:(NSString *)callbackId
+{
+ NSError *err = nil;
+ // Initialize on first use
+ if (self.callbackIdPattern == nil) {
+ self.callbackIdPattern = [NSRegularExpression regularExpressionWithPattern:@"^InAppBrowser[0-9]{1,10}$" options:0 error:&err];
+ if (err != nil) {
+ // Couldn't initialize Regex; No is safer than Yes.
+ return NO;
+ }
+ }
+ if ([self.callbackIdPattern firstMatchInString:callbackId options:0 range:NSMakeRange(0, [callbackId length])]) {
+ return YES;
+ }
+ return NO;
+}
+
 /**
 * The iframe bridge provided for the InAppBrowser is capable of executing any oustanding callback belonging
 * to the InAppBrowser plugin. Care has been taken that other callbacks cannot be triggered, and that no
@@ -323,7 +341,7 @@
 NSString* scriptCallbackId = [url host];
 CDVPluginResult* pluginResult = nil;
- if ([scriptCallbackId hasPrefix:@"InAppBrowser"]) {
+ if ([self isValidCallbackId:scriptCallbackId]) {
 NSString* scriptResult = [url path];
 NSError* __autoreleasing error = nil;
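Review bot: `callbackIdPattern` is a lazily built implementation cache, yet the header hunk adds it to the public interface, where every importer of CDVInAppBrowser.h can read and reassign the object that gates callback validation; declaring it in a class extension (`@interface CDVInAppBrowser ()`) in CDVInAppBrowser.m keeps that state private. The `copy` attribute also reads as unintended for a regex object — the neighbouring `inAppBrowserViewController` uses plain ownership, so `@property (nonatomic, retain) NSRegularExpression* callbackIdPattern;` would match the file's existing attribute and pointer-spacing style (`NSString* callbackId`).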
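Review bot: The added `_callbackIdPattern = nil;` in the initializer is redundant — `alloc` zero-fills every ivar, and the neighbouring `_previousStatusBarStyle = -1;` is only there because its sentinel is non-zero. Dropping the line keeps `init` to the assignments that actually change state, and the lazy path in `isValidCallbackId:` already treats nil as "not built yet". The initializer's signature lies outside the hunk.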
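Review bot: `isValidCallbackId:` has no guard for a nil `callbackId`, and its caller in the last hunk passes `[url host]`, which is nil for a bridge URL without a host; the `hasPrefix:` test it replaces quietly answered NO for nil, whereas NSRegularExpression's match methods, as far as I recall, raise on a nil string rather than return nil, so a malformed bridge URL would now crash the plugin instead of being rejected. Adding `if (callbackId == nil) return NO;` as the first statement restores the fail-closed behaviour. Separately, the pattern-creation failure is detected by inspecting `err` instead of the return value, although only the return value is authoritative in the Cocoa error convention; `if (self.callbackIdPattern == nil) return NO;` after the assignment is the robust form and makes `err` unnecessary. The trailing match-then-return can then collapse to `return [self.callbackIdPattern firstMatchInString:callbackId options:0 range:NSMakeRange(0, [callbackId length])] != nil;`.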