cordova-issues mailing list archives

From "Joe Bowser (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (CB-5624) Cordova may not handle intents correctly, may be possible to override config.xml with a custom intent
Date Tue, 10 Dec 2013 01:44:07 GMT

     [ https://issues.apache.org/jira/browse/CB-5624?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Joe Bowser resolved CB-5624.
----------------------------

    Resolution: Cannot Reproduce

I was wrong. The config.xml overrides any Extras put on the Intent from the outside.  This
MIGHT not be the behaviour that we want later, but this is the secure behaviour that makes
our apps not totally insecure.

It's better to panic, create the bug and be wrong than to have a nasty surprise.

> Cordova may not handle intents correctly, may be possible to override config.xml with a custom intent
> -----------------------------------------------------------------------------------------------------
>
>                 Key: CB-5624
>                 URL: https://issues.apache.org/jira/browse/CB-5624
>             Project: Apache Cordova
>          Issue Type: Bug
>          Components: Android
>            Reporter: Joe Bowser
>            Assignee: Joe Bowser
>              Labels: security
>
> After seeing this absolutely terrible idea: http://blog.cttapp.com/p/phonegap-handleopenurl-for-android, it occurred to me that it may be possible to use Android Intents to force a Cordova app to behave in an improper way.  We have been looking at deprecating getProperty methods for a while, but we may have to refactor the code.
> This is based on a hunch, but if it's possible to change the startUrl on a Cordova app just by creating a stupid Android launcher, then there's a pretty big problem. :(



--
This message was sent by Atlassian JIRA
(v6.1.4#6159)
