Return-Path: X-Original-To: apmail-cordova-commits-archive@www.apache.org Delivered-To: apmail-cordova-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 08BA310B47 for ; Fri, 14 Feb 2014 21:53:50 +0000 (UTC) Received: (qmail 47831 invoked by uid 500); 14 Feb 2014 21:53:47 -0000 Delivered-To: apmail-cordova-commits-archive@cordova.apache.org Received: (qmail 47765 invoked by uid 500); 14 Feb 2014 21:53:46 -0000 Mailing-List: contact commits-help@cordova.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cordova.apache.org Delivered-To: mailing list commits@cordova.apache.org Received: (qmail 47753 invoked by uid 99); 14 Feb 2014 21:53:46 -0000 Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org) (140.211.11.114) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 14 Feb 2014 21:53:46 +0000 Received: by tyr.zones.apache.org (Postfix, from userid 65534) id 45B8C92742A; Fri, 14 Feb 2014 21:53:46 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: bowserj@apache.org To: commits@cordova.apache.org Date: Fri, 14 Feb 2014 21:53:46 -0000 Message-Id: X-Mailer: ASF-Git Admin Mailer Subject: [1/4] android commit: Removing addJavascriptInterface support from all Android versions lower than 4.2 due to security vulnerability Repository: cordova-android Updated Branches: refs/heads/3.4.x 6760d0378 -> 9768e7388 Removing addJavascriptInterface support from all Android versions lower than 4.2 due to security vulnerability Project: http://git-wip-us.apache.org/repos/asf/cordova-android/repo Commit: http://git-wip-us.apache.org/repos/asf/cordova-android/commit/8f54290e Tree: http://git-wip-us.apache.org/repos/asf/cordova-android/tree/8f54290e Diff: http://git-wip-us.apache.org/repos/asf/cordova-android/diff/8f54290e Branch: refs/heads/3.4.x Commit: 8f54290eeccab441504f9e3a913a4fbacd3b89d6 Parents: 6760d03 Author: Joe Bowser Authored: Mon Feb 3 10:11:53 2014 -0800 Committer: Joe Bowser Committed: Thu Feb 6 16:11:55 2014 -0800 ---------------------------------------------------------------------- framework/src/org/apache/cordova/CordovaWebView.java | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cordova-android/blob/8f54290e/framework/src/org/apache/cordova/CordovaWebView.java ---------------------------------------------------------------------- diff --git a/framework/src/org/apache/cordova/CordovaWebView.java b/framework/src/org/apache/cordova/CordovaWebView.java index fa745b3..c1b0514 100755 --- a/framework/src/org/apache/cordova/CordovaWebView.java +++ b/framework/src/org/apache/cordova/CordovaWebView.java @@ -361,18 +361,13 @@ public class CordovaWebView extends WebView { private void exposeJsInterface() { int SDK_INT = Build.VERSION.SDK_INT; - boolean isHoneycomb = (SDK_INT >= Build.VERSION_CODES.HONEYCOMB && SDK_INT <= Build.VERSION_CODES.HONEYCOMB_MR2); - if (isHoneycomb || (SDK_INT < Build.VERSION_CODES.GINGERBREAD)) { + if ((SDK_INT < Build.VERSION_CODES.JELLY_BEAN_MR1)) { Log.i(TAG, "Disabled addJavascriptInterface() bridge since Android version is old."); // Bug being that Java Strings do not get converted to JS strings automatically. // This isn't hard to work-around on the JS side, but it's easier to just // use the prompt bridge instead. return; - } else if (SDK_INT < Build.VERSION_CODES.HONEYCOMB && Build.MANUFACTURER.equals("unknown")) { - // addJavascriptInterface crashes on the 2.3 emulator. - Log.i(TAG, "Disabled addJavascriptInterface() bridge callback due to a bug on the 2.3 emulator"); - return; - } + } this.addJavascriptInterface(exposedJsApi, "_cordovaNative"); }