cordova-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vladimir Kotikov (Akvelon)" <v-vlk...@microsoft.com>
Subject New-style tests issues
Date Fri, 29 Aug 2014 21:27:54 GMT
We've found issue in manual tests for camera plugin, that crashes an application on windows
platform.
Issue is that code for manual tests is generated at runtime and injected to DOM using innerHtml
property, which is considered as unsafe in windows runtime apps. In other words, if HTML,
you are injecting is invalid or contains unsafe elements, this will cause a runtime exception
(more details of security model of Windows apps here [1] (section 'Dynamically adding HTML')

In this case <select> element and its 'name' attribute are considered unsafe. (List
of safe/unsafe elements and attributes [2])

I see the following possible workarounds:


1.       Replace innterHtml with DOM manuipulation so construct <select> elements manually
using appendChildNode, etc; but this will produces big amount of additional code.

2.       Another workaround - wrap DOM manipulations into execUnsafeLocalFunction call (special
method, which disables security check for inner function on Windows, see [3])

3.       Use https://github.com/MSOpenTech/winstore-jscompat polyfill


In a mean time I propose to just wrap current logic into execUnsafeLocalFunction  on Windows
(since this is just a test app) and see if we should proceed with different, more general
approach if there are more such places found. Thoughts?

Issue: https://issues.apache.org/jira/browse/CB-7433
PR: https://github.com/apache/cordova-plugin-camera/pull/46


[1] http://msdn.microsoft.com/en-us/library/windows/apps/hh465380.aspx#differences
[2] http://msdn.microsoft.com/en-us/library/windows/apps/hh465388.aspx
[3] http://msdn.microsoft.com/en-us/library/windows/apps/hh767331.aspx
---------------
Best regards, Vladimir


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message