cordova-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CB-10897) Cannot access specific non http or https URLs that are Whitelisted
Date Fri, 18 Mar 2016 19:28:33 GMT

    [ https://issues.apache.org/jira/browse/CB-10897?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15202002#comment-15202002
] 

ASF GitHub Bot commented on CB-10897:
-------------------------------------

GitHub user ktop opened a pull request:

    https://github.com/apache/cordova-android/pull/283

    CB-10897 Refactor URI Parsing for Whitelist

    Fix for CB-10897. 
    
    I moved out the code that parses the 'origin' from the whitelist to a separate function
so that it can also be used to parse the URLs that request access instead of using Android's
Uri class parse function. Android's Uri parse function does not parse 'host' the same way
that Cordova parses the host in origin for whitelist, so host ends up being null and the comparison
fails. Using the same parsing methods is the way to go to give accurate comparisons of URLs
to those in the whitelist. 
    
    Also, I can have specific non http/https URLs in my whitelist now. 
    Something like this works now without the wildcard:
    <allow-intent href="market://details?id=com.google.android.apps.maps" />

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/ktop/cordova-android CB-10897

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/cordova-android/pull/283.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #283
    
----
commit 26662acada6f44a83c11c1e13faa8fea3a959720
Author: Karen Tran <ktop500@gmail.com>
Date:   2016-03-18T18:45:57Z

    CB-10897 Refactor URI Parsing for Whitelist

----


> Cannot access specific non http or https URLs that are Whitelisted
> ------------------------------------------------------------------
>
>                 Key: CB-10897
>                 URL: https://issues.apache.org/jira/browse/CB-10897
>             Project: Apache Cordova
>          Issue Type: Bug
>          Components: Plugin Whitelist
>    Affects Versions: Master
>         Environment: cordova-android 5.1.1
>            Reporter: Karen Tran
>              Labels: android, whitelist
>             Fix For: Master
>
>
> In config.xml when I whitelist specific non http or https URLs such as 
> {code}<allow-intent href="mailto:ktop500@gmail.com" />{code}
> and in index.html I add a link with that specific URL, 
> {code}<a href="mailto:ktop500@gmail.com">mailto link</a>{code}
> I cannot access the link when I run the application. If I change the allow-intent to
use a wildcard, *, I can get it to work. 
> {code}<allow-intent href="mailto:*" />{code}
> The expected behavior is that I should be able to specify an exact URL in the whitelist,
but I am not able to. I investigated the Whitelist plugin and Whitelist.java in cordova-android
and I found the issue. 
> First I looked at the whitelist itself. URLs from config.xml are added to the whitelist
correctly. No problems here. 
> Next I looked at how the URL from index.html is being compared to the whitelist. I traced
through with the Android Studio debugger and found this:
> At [Line 85|https://github.com/apache/cordova-android/blob/master/framework/src/org/apache/cordova/Whitelist.java#L85]
of Whitelist.java in cordova-android, there is actually a NullPointerException happening,
but it didn't get printed out with the Log :( (this needs to be fixed). I made some modifications
to Whitelist.java so that the stack trace gets printed out, along with with values of 'host'.

> {noformat}
> 03-17 13:46:47.399 14000-14000/? I/System.out: uri scheme: mailto
> 03-17 13:46:47.399 14000-14000/? I/System.out: whitelist scheme: mailto
> 03-17 13:46:47.399 14000-14000/? I/System.out: uri host: null
> 03-17 13:46:47.399 14000-14000/? I/System.out: whitelist host: ktop500@gmail\.com
> 03-17 13:46:47.400 14000-14000/? W/System.err: java.lang.NullPointerException: Attempt
to invoke interface method 'int java.lang.CharSequence.length()' on a null object reference
> 03-17 13:46:47.400 14000-14000/? W/System.err:     at java.util.regex.Matcher.reset(Matcher.java:177)
> 03-17 13:46:47.400 14000-14000/? W/System.err:     at java.util.regex.Matcher.<init>(Matcher.java:90)
> 03-17 13:46:47.400 14000-14000/? W/System.err:     at java.util.regex.Pattern.matcher(Pattern.java:297)
> 03-17 13:46:47.400 14000-14000/? W/System.err:     at org.apache.cordova.Whitelist$URLPattern.matches(Whitelist.java:88)
> 03-17 13:46:47.400 14000-14000/? W/System.err:     at org.apache.cordova.Whitelist.isUrlWhiteListed(Whitelist.java:168)
> 03-17 13:46:47.400 14000-14000/? W/System.err:     at org.apache.cordova.whitelist.WhitelistPlugin.shouldOpenExternalUrl(WhitelistPlugin.java:132)
> 03-17 13:46:47.400 14000-14000/? W/System.err:     at org.apache.cordova.PluginManager.shouldOpenExternalUrl(PluginManager.java:432)
> 03-17 13:46:47.400 14000-14000/? W/System.err:     at org.apache.cordova.CordovaWebViewImpl$EngineClient.onNavigationAttempt(CordovaWebViewImpl.java:605)
> 03-17 13:46:47.400 14000-14000/? W/System.err:     at org.apache.cordova.engine.SystemWebViewClient.shouldOverrideUrlLoading(SystemWebViewClient.java:79)
> 03-17 13:46:47.400 14000-14000/? W/System.err:     at com.android.webview.chromium.WebViewContentsClientAdapter.shouldOverrideUrlLoading(WebViewContentsClientAdapter.java:336)
> 03-17 13:46:47.400 14000-14000/? W/System.err:     at org.chromium.android_webview.AwContentsClient.shouldIgnoreNavigation(AwContentsClient.java:168)
> 03-17 13:46:47.400 14000-14000/? W/System.err:     at org.chromium.android_webview.AwContentsClientBridge.shouldOverrideUrlLoading(AwContentsClientBridge.java:265)
> 03-17 13:46:47.400 14000-14000/? W/System.err:     at org.chromium.base.SystemMessageHandler.nativeDoRunLoopOnce(Native
Method)
> 03-17 13:46:47.400 14000-14000/? W/System.err:     at org.chromium.base.SystemMessageHandler.handleMessage(SystemMessageHandler.java:39)
> 03-17 13:46:47.401 14000-14000/? W/System.err:     at android.os.Handler.dispatchMessage(Handler.java:102)
> 03-17 13:46:47.401 14000-14000/? W/System.err:     at android.os.Looper.loop(Looper.java:135)
> 03-17 13:46:47.401 14000-14000/? W/System.err:     at android.app.ActivityThread.main(ActivityThread.java:5254)
> 03-17 13:46:47.401 14000-14000/? W/System.err:     at java.lang.reflect.Method.invoke(Native
Method)
> 03-17 13:46:47.401 14000-14000/? W/System.err:     at java.lang.reflect.Method.invoke(Method.java:372)
> 03-17 13:46:47.401 14000-14000/? W/System.err:     at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:903)
> 03-17 13:46:47.401 14000-14000/? W/System.err:     at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:698){noformat}
> Whitelist host is correct, so that got parsed correctly, but the Uri host is not correct,
it is null. We try to call host.matcher(null).matches with a null object and therefore got
the NPE. 
> Working backwards from here, the issue stems from Android's Uri class parsing the URL.
At [Line 158|https://github.com/apache/cordova-android/blob/master/framework/src/org/apache/cordova/Whitelist.java#L158]
of Whitelist.java, we call:
> {code}Uri parsedUri = Uri.parse(uri);{code}
> Using the debugger, once the uri gets parsed, you'll see that the value of 'host' is
'NOT_CACHED'. This is the part where I got lost in Android Uri class because it's hard to
debug there.
> The conclusion that I came to is that Android's Uri class doesn't parse 'host' correctly,
but does parse 'scheme' correctly. I also tested market: URL and that has the same behavior.

> Android's definition of 'host' is probably different from Cordova's definition of 'host'
so we should try to use something other than the Uri class to parse the URL. Android's definition
of 'host' is probably parsed to a ':' 
> I can try to work on a solution to not use the Uri class to parse. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org


Mime
View raw message