cordova-dev mailing list archives

From Andrew Grieve <agri...@chromium.org>
Subject Re: [Android] InAppBrowser and URI whitelisting
Date Fri, 24 Apr 2015 23:37:34 GMT
The browser allows any intents, but attaches Category.BROWSABLE to the
intents, which is supposed to make them safe.
We don't restrict the IAB to the network whitelist, so it follows (maybe?)
that we wouldn't restrict it to the intent whitelist.

On Fri, Apr 24, 2015 at 6:06 PM, Jesse <purplecabbage@gmail.com> wrote:

> What does the browser do? That's what the InAppBrowser should do ...
>
> It may also make sense to allow the host cordova app to decide whether or not
> to allow it.
> Presumably the host app could allow all intents, but not want to extend
> that to its InAppBrowser control, or allow some intents for some domains
> ... based on their own logic ...
> Ideally, I think this should be a user problem, i.e. give the app developer
> a chance to intercept the request, and if they don't, just perform the
> default browser behaviour.
>
> @purplecabbage
> risingj.com
>
> On Fri, Apr 24, 2015 at 2:34 PM, Joe Bowser <bowserj@gmail.com> wrote:
>
> > Hey
> >
> > I was looking at CB-8180, and I'm wondering what the correct behaviour
> > for intents being launched from URIs should be for an InAppBrowser.  Should
> > these have free rein to open whatever, or should they also be bound by
> > the rules of the whitelist?
> >
> > What do people think?
> >
> > Joe
> >
>
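
The two behaviours discussed in this thread, as an added example that is not code from Cordova, the InAppBrowser plugin, or any poster: an `intent:` URI is parsed, forced to `Intent.CATEGORY_BROWSABLE` with any explicit component cleared, and then offered to the host app for a final decision. The class `BrowsableIntentPolicy`, the `HostDecision` hook and the `pageOrigin` parameter are hypothetical names; only the `android.content` calls are real Android APIs.

```java
import android.content.Context;
import android.content.Intent;
import android.content.pm.PackageManager;
import java.net.URISyntaxException;

/** Added illustration; class and method names are hypothetical, not Cordova's. */
public final class BrowsableIntentPolicy {

    /** Hypothetical hook: lets the host app approve or veto a launch. */
    public interface HostDecision {
        boolean allow(String pageOrigin, Intent candidate);
    }

    /**
     * Returns an Intent restricted to BROWSABLE activities that the caller
     * may pass to startActivity(), or null if nothing should be launched.
     */
    public static Intent resolve(Context ctx, String pageOrigin, String uri,
                                 HostDecision host) {
        final Intent intent;
        try {
            intent = Intent.parseUri(uri, Intent.URI_INTENT_SCHEME);
        } catch (URISyntaxException e) {
            return null; // malformed URI: never launch
        }

        // Only activities that declared themselves BROWSABLE can match,
        // and the page cannot name a specific (possibly internal) component.
        restrict(intent);
        Intent selector = intent.getSelector();
        if (selector != null) {
            restrict(selector); // the selector is what actually gets resolved
        }

        // No BROWSABLE handler installed: do nothing rather than fall back.
        PackageManager pm = ctx.getPackageManager();
        if (pm.resolveActivity(intent, PackageManager.MATCH_DEFAULT_ONLY) == null) {
            return null;
        }

        // Host app gets the last word; with no hook, default browser behaviour.
        if (host != null && !host.allow(pageOrigin, intent)) {
            return null;
        }
        return intent;
    }

    private static void restrict(Intent i) {
        i.addCategory(Intent.CATEGORY_BROWSABLE);
        i.setComponent(null);
    }
}
```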
