Return-Path: X-Original-To: apmail-cordova-commits-archive@www.apache.org Delivered-To: apmail-cordova-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id DF04A115CB for ; Tue, 26 Aug 2014 19:25:01 +0000 (UTC) Received: (qmail 6009 invoked by uid 500); 26 Aug 2014 19:25:01 -0000 Delivered-To: apmail-cordova-commits-archive@cordova.apache.org Received: (qmail 5987 invoked by uid 500); 26 Aug 2014 19:25:01 -0000 Mailing-List: contact commits-help@cordova.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cordova.apache.org Delivered-To: mailing list commits@cordova.apache.org Received: (qmail 5891 invoked by uid 99); 26 Aug 2014 19:25:01 -0000 Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org) (140.211.11.114) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 26 Aug 2014 19:25:01 +0000 Received: by tyr.zones.apache.org (Postfix, from userid 65534) id 88A58A01C12; Tue, 26 Aug 2014 19:25:01 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: ian@apache.org To: commits@cordova.apache.org Date: Tue, 26 Aug 2014 19:25:03 -0000 Message-Id: In-Reply-To: References: X-Mailer: ASF-Git Admin Mailer Subject: [3/3] android commit: CB-7291: Restrict meaning of "*" in internal whitelist to just http and https CB-7291: Restrict meaning of "*" in internal whitelist to just http and https Project: http://git-wip-us.apache.org/repos/asf/cordova-android/repo Commit: http://git-wip-us.apache.org/repos/asf/cordova-android/commit/6e222c39 Tree: http://git-wip-us.apache.org/repos/asf/cordova-android/tree/6e222c39 Diff: http://git-wip-us.apache.org/repos/asf/cordova-android/diff/6e222c39 Branch: refs/heads/CB-7291 Commit: 6e222c3938db43fc00f3d6f8fbb138af075c689b Parents: 3b3bd9b Author: Ian Clelland Authored: Tue Aug 26 14:58:00 2014 -0400 Committer: Ian Clelland Committed: Tue Aug 26 15:23:24 2014 -0400 ---------------------------------------------------------------------- framework/src/org/apache/cordova/ConfigXmlParser.java | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cordova-android/blob/6e222c39/framework/src/org/apache/cordova/ConfigXmlParser.java ---------------------------------------------------------------------- diff --git a/framework/src/org/apache/cordova/ConfigXmlParser.java b/framework/src/org/apache/cordova/ConfigXmlParser.java index 2a667a9..1ada1af 100644 --- a/framework/src/org/apache/cordova/ConfigXmlParser.java +++ b/framework/src/org/apache/cordova/ConfigXmlParser.java @@ -119,7 +119,15 @@ public class ConfigXmlParser { if (external) { externalWhitelist.addWhiteListEntry(origin, (subdomains != null) && (subdomains.compareToIgnoreCase("true") == 0)); } else { - internalWhitelist.addWhiteListEntry(origin, (subdomains != null) && (subdomains.compareToIgnoreCase("true") == 0)); + if ("*".equals(origin)) { + // Special-case * origin to mean http and https when used for internal + // whitelist. This prevents external urls like sms: and geo: from being + // handled internally. + internalWhitelist.addWhiteListEntry("http://*/*", false); + internalWhitelist.addWhiteListEntry("https://*/*", false); + } else { + internalWhitelist.addWhiteListEntry(origin, (subdomains != null) && (subdomains.compareToIgnoreCase("true") == 0)); + } } } }