cordova-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Bowser <bows...@gmail.com>
Subject Re: Android Plugin API
Date Wed, 28 May 2014 17:06:39 GMT
We don't want this pattern for Android because it is also more bug prone.

On May 28, 2014 8:28 AM, "Erik Jan de Wit" <edewit@redhat.com> wrote:
>
> So this security issue is only a problem if you are able to inject some
arbitrary js code. If your app ships with it’s own html and js this is very
hard to do.

No, it's not. Any trusted input could have the potential to inject JS.
We're not even touching on the third-party ad networks code, frameworks or
other code that developers add on a regular basis.

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message