cordova-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ian Clelland <iclell...@chromium.org>
Subject Whitelist breakout update
Date Thu, 30 Oct 2014 20:04:07 GMT
I've spent the majority of the week finishing up the whitelist-breakout
code, and I'd invite the rest of the community to take a look, before we
make anything official.

In order to retain some kind of backward compatibility with existing apps
(because it's a terrible situation for everyone when we break that), I've
endeavoured to provide hooks so that all of the existing functionality can
be moved to a plugin, and so that *something* useful still happens if you
don't have any plugins at all.

Policy decisions are made centrally (in Android, by CordovaUriHelper; in
iOS, by CDVViewController), first by asking all installed plugins whether
to allow or deny the request, and if no plugins reply, then by applying a
default policy (which is sane, but more restrictive than Cordova 3.6)

Without any plugins, Cordova will allow navigation within the app itself,
to file urls, and will allow resource loads (XHRs) from that space as well.
External applications are *not* launched. <access> tags in config.xml are
completely ignored.

I've also modified the config parsers so that they can be used by plugins.
(For example, the sample cordova-plugin-whitelist plugin reads config.xml
to extract <access> tags for building its own whitelist, but other plugins
could use any other method they wanted)

All of this is in git, on branches named "unplug-whitelist", on these repos:
cordova-android
cordova-ios
cordova-plugin-inappbrowser
cordova-plugin-file-transfer
cordova-mobile-spec

I wrote a sample plugin --
https://github.com/clelland/cordova-plugin-whitelist -- which implements
the Cordova 3.6 behaviour. With that plugin, <access> tags in config.xml
are parsed, just as they are right now. Navigation and XHR access to
external resources is controlled by <access origin=... > tags, and
launching of other applications is controlled by <access origin=...
launch-external="yes"> tags.

Comments welcome  -- either here or on
https://issues.apache.org/jira/browse/CB-7747

Ian

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message