cordova-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From i..@apache.org
Subject [4/5] android commit: CB-7291: Restrict meaning of "*" in internal whitelist to just http and https
Date Tue, 26 Aug 2014 19:49:28 GMT
CB-7291: Restrict meaning of "*" in internal whitelist to just http and https


Project: http://git-wip-us.apache.org/repos/asf/cordova-android/repo
Commit: http://git-wip-us.apache.org/repos/asf/cordova-android/commit/6e222c39
Tree: http://git-wip-us.apache.org/repos/asf/cordova-android/tree/6e222c39
Diff: http://git-wip-us.apache.org/repos/asf/cordova-android/diff/6e222c39

Branch: refs/heads/master
Commit: 6e222c3938db43fc00f3d6f8fbb138af075c689b
Parents: 3b3bd9b
Author: Ian Clelland <iclelland@chromium.org>
Authored: Tue Aug 26 14:58:00 2014 -0400
Committer: Ian Clelland <iclelland@chromium.org>
Committed: Tue Aug 26 15:23:24 2014 -0400

----------------------------------------------------------------------
 framework/src/org/apache/cordova/ConfigXmlParser.java | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cordova-android/blob/6e222c39/framework/src/org/apache/cordova/ConfigXmlParser.java
----------------------------------------------------------------------
diff --git a/framework/src/org/apache/cordova/ConfigXmlParser.java b/framework/src/org/apache/cordova/ConfigXmlParser.java
index 2a667a9..1ada1af 100644
--- a/framework/src/org/apache/cordova/ConfigXmlParser.java
+++ b/framework/src/org/apache/cordova/ConfigXmlParser.java
@@ -119,7 +119,15 @@ public class ConfigXmlParser {
                         if (external) {
                             externalWhitelist.addWhiteListEntry(origin, (subdomains != null)
&& (subdomains.compareToIgnoreCase("true") == 0));
                         } else {
-                            internalWhitelist.addWhiteListEntry(origin, (subdomains != null)
&& (subdomains.compareToIgnoreCase("true") == 0));
+                            if ("*".equals(origin)) {
+                                // Special-case * origin to mean http and https when used
for internal
+                                // whitelist. This prevents external urls like sms: and geo:
from being
+                                // handled internally.
+                                internalWhitelist.addWhiteListEntry("http://*/*", false);
+                                internalWhitelist.addWhiteListEntry("https://*/*", false);
+                            } else {
+                                internalWhitelist.addWhiteListEntry(origin, (subdomains !=
null) && (subdomains.compareToIgnoreCase("true") == 0));
+                            }
                         }
                     }
                 }


Mime
View raw message