cordova-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mike Sierra (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CB-2099) Android whitelisting only blocks documents, not resources
Date Mon, 30 Sep 2013 18:33:23 GMT

    [ https://issues.apache.org/jira/browse/CB-2099?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13782085#comment-13782085
] 

Mike Sierra commented on CB-2099:
---------------------------------

OK; I noted the risk of script injection exploits.

But separately from this bug, I also need to clarify in Whitelist doc under what circumstances
navigation to a link (a) is deferred to the default browser rather than (b) suppressed altogether.
Current doc implies (b).

> Android whitelisting only blocks documents, not resources
> ---------------------------------------------------------
>
>                 Key: CB-2099
>                 URL: https://issues.apache.org/jira/browse/CB-2099
>             Project: Apache Cordova
>          Issue Type: Bug
>          Components: Android
>    Affects Versions: 2.2.0
>            Reporter: manjula fernando
>            Assignee: Mike Sierra
>
> The Domain Whitelisting in Android works only for the href links, but not for the embedded
resources (images, javascripts). If link is not whitelisted it gets opened in a new instance
of native browser rather than blocking it completely. But in iOS it blocks all non-whitelisted
domains. Please let me know whether this is the expected behavior in whitelisting for Android?.
If so, has this been identified as a known issue and planning to be fixed in future release?
Appreciate your early response on this.



--
This message was sent by Atlassian JIRA
(v6.1#6144)

Mime
View raw message