cordova-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Bowser <bows...@gmail.com>
Subject Re: Whitelist defaults
Date Fri, 02 Nov 2012 18:33:17 GMT
On Fri, Nov 2, 2012 at 10:59 AM, Shazron <shazron@gmail.com> wrote:
> Echoing Anis here. The easiest use case is for corporate use (internal),
> where any connections are restricted to a certain domain for paranoid IT
> types.
>
> I can see the case of us allowing everything _by default_ though (eg adding
> the '*'), which really should have been the default so as to be "backwards
> compatible" with how it was before the whitelist came in. The system could
> detect this sole wildcard entry, and print out a warning in the console
> log, as well as the documentation of course pointing this out -- the latter
> which we should have done in the first place.

OK, that sounds cool, but does that mean that in six months, we're
going to deprecate this behaviour and get more aggressive with the
whitelist?

BTW: In the event that the whitelist isn't found based on the code
that I'm looking at here, Android should block everything and fire
default web intents.  If it's not doing this, that's a bug! When we
refer to defaults, are we referring to the config.xml that we're
circulating?

Also, how are we testing this whitelisting feature? I can tell you
that doing it in JS alone wouldn't be enough.

Joe

Mime
View raw message