Return-Path: X-Original-To: apmail-cordova-commits-archive@www.apache.org Delivered-To: apmail-cordova-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 22FDA11AA5 for ; Tue, 23 Sep 2014 23:17:58 +0000 (UTC) Received: (qmail 44708 invoked by uid 500); 23 Sep 2014 23:17:58 -0000 Delivered-To: apmail-cordova-commits-archive@cordova.apache.org Received: (qmail 44684 invoked by uid 500); 23 Sep 2014 23:17:58 -0000 Mailing-List: contact commits-help@cordova.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cordova.apache.org Delivered-To: mailing list commits@cordova.apache.org Received: (qmail 44673 invoked by uid 99); 23 Sep 2014 23:17:58 -0000 Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org) (140.211.11.114) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 23 Sep 2014 23:17:57 +0000 Received: by tyr.zones.apache.org (Postfix, from userid 65534) id 6F6AD938D51; Tue, 23 Sep 2014 23:17:57 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: marcelk@apache.org To: commits@cordova.apache.org Message-Id: <144cad64a60c4d6a8809a24fc5e5445c@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: docs commit: CB-7623 properly escape the xml examples Date: Tue, 23 Sep 2014 23:17:57 +0000 (UTC) Repository: cordova-docs Updated Branches: refs/heads/master f6a38e4a4 -> fc69d715a CB-7623 properly escape the xml examples Project: http://git-wip-us.apache.org/repos/asf/cordova-docs/repo Commit: http://git-wip-us.apache.org/repos/asf/cordova-docs/commit/fc69d715 Tree: http://git-wip-us.apache.org/repos/asf/cordova-docs/tree/fc69d715 Diff: http://git-wip-us.apache.org/repos/asf/cordova-docs/diff/fc69d715 Branch: refs/heads/master Commit: fc69d715a50e45a7b4f0540a46162f0af4efa5fe Parents: f6a38e4 Author: Marcel Kinard Authored: Tue Sep 23 19:17:08 2014 -0400 Committer: Marcel Kinard Committed: Tue Sep 23 19:17:08 2014 -0400 ---------------------------------------------------------------------- docs/en/3.6.0/guide/appdev/whitelist/index.md | 16 ++++++++-------- docs/en/edge/guide/appdev/whitelist/index.md | 16 ++++++++-------- 2 files changed, 16 insertions(+), 16 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cordova-docs/blob/fc69d715/docs/en/3.6.0/guide/appdev/whitelist/index.md ---------------------------------------------------------------------- diff --git a/docs/en/3.6.0/guide/appdev/whitelist/index.md b/docs/en/3.6.0/guide/appdev/whitelist/index.md index bfc05c7..6c73525 100644 --- a/docs/en/3.6.0/guide/appdev/whitelist/index.md +++ b/docs/en/3.6.0/guide/appdev/whitelist/index.md @@ -94,37 +94,37 @@ On older versions of Android, it may not be possible to restrict them. Cordova 3.6.0 introduces a second whitelist, for restricting which URLs are allowed to launch external applications. In previous versions of Cordova, all non-http URLs, such as `mailto:`, `geo:`, `sms:` and `intent`, -were implicitly allowed to be the target of a an tag. Because of the +were implicitly allowed to be the target of an <a> tag. Because of the potential for an application to leak information, if an XSS vulnerability allows an attacker to construct arbitrary links, these URLs must be whitelisted as well, starting in Cordova 3.6.0. -To allow a URL pattern to launch an external application, use an +To allow a URL pattern to launch an external application, use an <access> tag in your `config.xml` file, with the `launch-external` attribute set. Examples: * To allow links to send SMS messages: - + * To allow links to open Maps: - + * To allow links to example.com to open in an external browser: - + * To allow all non-whitelisted websites to open in an external browser: (This is the same as the previous behaviour for non-whitelisted URLs) - - + + * To allow access to all URLs, reverting to the Cordova 3.5.0 policy (not recommended): - + When navigating to a URL from within your application, the interal whitelist is tested first, and if the URL is not whitelisted there, then the external http://git-wip-us.apache.org/repos/asf/cordova-docs/blob/fc69d715/docs/en/edge/guide/appdev/whitelist/index.md ---------------------------------------------------------------------- diff --git a/docs/en/edge/guide/appdev/whitelist/index.md b/docs/en/edge/guide/appdev/whitelist/index.md index bfc05c7..6c73525 100644 --- a/docs/en/edge/guide/appdev/whitelist/index.md +++ b/docs/en/edge/guide/appdev/whitelist/index.md @@ -94,37 +94,37 @@ On older versions of Android, it may not be possible to restrict them. Cordova 3.6.0 introduces a second whitelist, for restricting which URLs are allowed to launch external applications. In previous versions of Cordova, all non-http URLs, such as `mailto:`, `geo:`, `sms:` and `intent`, -were implicitly allowed to be the target of a an tag. Because of the +were implicitly allowed to be the target of an <a> tag. Because of the potential for an application to leak information, if an XSS vulnerability allows an attacker to construct arbitrary links, these URLs must be whitelisted as well, starting in Cordova 3.6.0. -To allow a URL pattern to launch an external application, use an +To allow a URL pattern to launch an external application, use an <access> tag in your `config.xml` file, with the `launch-external` attribute set. Examples: * To allow links to send SMS messages: - + * To allow links to open Maps: - + * To allow links to example.com to open in an external browser: - + * To allow all non-whitelisted websites to open in an external browser: (This is the same as the previous behaviour for non-whitelisted URLs) - - + + * To allow access to all URLs, reverting to the Cordova 3.5.0 policy (not recommended): - + When navigating to a URL from within your application, the interal whitelist is tested first, and if the URL is not whitelisted there, then the external