cordova-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mike Sierra (JIRA)" <>
Subject [jira] [Commented] (CB-2099) Android whitelisting only blocks documents, not resources
Date Mon, 30 Sep 2013 18:33:23 GMT


Mike Sierra commented on CB-2099:

OK; I noted the risk of script injection exploits.

But separately from this bug, I also need to clarify in Whitelist doc under what circumstances
navigation to a link (a) is deferred to the default browser rather than (b) suppressed altogether.
Current doc implies (b).

> Android whitelisting only blocks documents, not resources
> ---------------------------------------------------------
>                 Key: CB-2099
>                 URL:
>             Project: Apache Cordova
>          Issue Type: Bug
>          Components: Android
>    Affects Versions: 2.2.0
>            Reporter: manjula fernando
>            Assignee: Mike Sierra
> The Domain Whitelisting in Android works only for the href links, but not for the embedded
resources (images, javascripts). If link is not whitelisted it gets opened in a new instance
of native browser rather than blocking it completely. But in iOS it blocks all non-whitelisted
domains. Please let me know whether this is the expected behavior in whitelisting for Android?.
If so, has this been identified as a known issue and planning to be fixed in future release?
Appreciate your early response on this.

This message was sent by Atlassian JIRA

View raw message