Return-Path: X-Original-To: apmail-cordova-commits-archive@www.apache.org Delivered-To: apmail-cordova-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id B9DB217B19 for ; Tue, 3 Mar 2015 02:40:58 +0000 (UTC) Received: (qmail 63351 invoked by uid 500); 3 Mar 2015 02:40:55 -0000 Delivered-To: apmail-cordova-commits-archive@cordova.apache.org Received: (qmail 63252 invoked by uid 500); 3 Mar 2015 02:40:55 -0000 Mailing-List: contact commits-help@cordova.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list commits@cordova.apache.org Received: (qmail 63209 invoked by uid 99); 3 Mar 2015 02:40:55 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 03 Mar 2015 02:40:55 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 61249E0FC5; Tue, 3 Mar 2015 02:40:55 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: agrieve@apache.org To: commits@cordova.apache.org Date: Tue, 03 Mar 2015 02:40:56 -0000 Message-Id: <37c6e2749f1e44c084a362a234fec8f8@git.apache.org> In-Reply-To: <406f2e5feadf47fe92345009998d8421@git.apache.org> References: <406f2e5feadf47fe92345009998d8421@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [2/4] android commit: CB-8587 Don't allow webview navigations within showWebPage that are not whitelisted CB-8587 Don't allow webview navigations within showWebPage that are not whitelisted Project: http://git-wip-us.apache.org/repos/asf/cordova-android/repo Commit: http://git-wip-us.apache.org/repos/asf/cordova-android/commit/af2969de Tree: http://git-wip-us.apache.org/repos/asf/cordova-android/tree/af2969de Diff: http://git-wip-us.apache.org/repos/asf/cordova-android/diff/af2969de Branch: refs/heads/master Commit: af2969dec58ca89150b84b5d57edcf63d4ce1302 Parents: 53dba86 Author: Andrew Grieve Authored: Mon Mar 2 21:00:22 2015 -0500 Committer: Andrew Grieve Committed: Mon Mar 2 21:04:20 2015 -0500 ---------------------------------------------------------------------- framework/src/org/apache/cordova/CordovaWebViewImpl.java | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cordova-android/blob/af2969de/framework/src/org/apache/cordova/CordovaWebViewImpl.java ---------------------------------------------------------------------- diff --git a/framework/src/org/apache/cordova/CordovaWebViewImpl.java b/framework/src/org/apache/cordova/CordovaWebViewImpl.java index d3f5ec9..a7dd41a 100644 --- a/framework/src/org/apache/cordova/CordovaWebViewImpl.java +++ b/framework/src/org/apache/cordova/CordovaWebViewImpl.java @@ -209,7 +209,7 @@ public class CordovaWebViewImpl implements CordovaWebView { @Override public void showWebPage(String url, boolean openExternal, boolean clearHistory, Map params) { - LOG.d(TAG, "showWebPage(%s, %b, %b, HashMap", url, openExternal, clearHistory); + LOG.d(TAG, "showWebPage(%s, %b, %b, HashMap)", url, openExternal, clearHistory); // If clearing history if (clearHistory) { @@ -223,10 +223,13 @@ public class CordovaWebViewImpl implements CordovaWebView { // TODO: What about params? // Load new URL loadUrlIntoView(url, true); - return; + } else { + LOG.w(TAG, "showWebPage: Refusing to load URL into webview since it is not in the whitelist. URL=" + url); } - // Load in default viewer if not - LOG.w(TAG, "showWebPage: Cannot load URL into webview since it is not in white list. Loading into browser instead. (URL=" + url + ")"); + } + if (!pluginManager.shouldOpenExternalUrl(url)) { + LOG.w(TAG, "showWebPage: Refusing to send intent for URL since it is not in the whitelist. URL=" + url); + return; } try { // Omitting the MIME type for file: URLs causes "No Activity found to handle Intent". --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscribe@cordova.apache.org For additional commands, e-mail: commits-help@cordova.apache.org