Mailing-List: contact issues-help@cordova.apache.org; run by ezmlm
Precedence: bulk
Date: Thu, 17 Mar 2016 19:50:33 +0000 (UTC)
From: "Karen Tran (JIRA)" <jira@apache.org>
To: issues@cordova.apache.org
Message-ID: <JIRA.12951297.1458240688000.52295.1458244233777@Atlassian.JIRA>
In-Reply-To: <JIRA.12951297.1458240688000@Atlassian.JIRA>
References: <JIRA.12951297.1458240688000@Atlassian.JIRA>
 <JIRA.12951297.1458240688979@arcas>
Subject: [jira] [Updated] (CB-10897) Cannot access specific non http or
 https URLs that are Whitelisted
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit


     [ https://issues.apache.org/jira/browse/CB-10897?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Karen Tran updated CB-10897:
----------------------------
    Description: 
In config.xml when I whitelist specific non http or https URLs such as 
{code}<allow-intent href="mailto:ktop500@gmail.com" />{code}
and in index.html I add a link with that specific URL, 
{code}<a href="mailto:ktop500@gmail.com">mailto link</a>{code}
I cannot access the link when I run the application. If I change the allow-intent to use a wildcard, *, I can get it to work. 
{code}<allow-intent href="mailto:*" />{code}

The expected behavior is that I should be able to specify an exact URL in the whitelist, but I am not able to. I investigated the Whitelist plugin and Whitelist.java in cordova-android and I found the issue. 

First I looked at the whitelist itself. URLs from config.xml are added to the whitelist correctly. No problems here. 

Next I looked at how the URL from index.html is being compared to the whitelist. I traced through with the Android Studio debugger and found this:

At [Line 85|https://github.com/apache/cordova-android/blob/master/framework/src/org/apache/cordova/Whitelist.java#L85] of Whitelist.java in cordova-android, there is actually a NullPointerException happening, but it didn't get printed out with the Log :( (this needs to be fixed). I made some modifications to Whitelist.java so that the stack trace gets printed out, along with with values of 'host'. 
{noformat}
03-17 13:46:47.399 14000-14000/? I/System.out: uri scheme: mailto
03-17 13:46:47.399 14000-14000/? I/System.out: whitelist scheme: mailto
03-17 13:46:47.399 14000-14000/? I/System.out: uri host: null
03-17 13:46:47.399 14000-14000/? I/System.out: whitelist host: ktop500@gmail\.com
03-17 13:46:47.400 14000-14000/? W/System.err: java.lang.NullPointerException: Attempt to invoke interface method 'int java.lang.CharSequence.length()' on a null object reference
03-17 13:46:47.400 14000-14000/? W/System.err:     at java.util.regex.Matcher.reset(Matcher.java:177)
03-17 13:46:47.400 14000-14000/? W/System.err:     at java.util.regex.Matcher.<init>(Matcher.java:90)
03-17 13:46:47.400 14000-14000/? W/System.err:     at java.util.regex.Pattern.matcher(Pattern.java:297)
03-17 13:46:47.400 14000-14000/? W/System.err:     at org.apache.cordova.Whitelist$URLPattern.matches(Whitelist.java:88)
03-17 13:46:47.400 14000-14000/? W/System.err:     at org.apache.cordova.Whitelist.isUrlWhiteListed(Whitelist.java:168)
03-17 13:46:47.400 14000-14000/? W/System.err:     at org.apache.cordova.whitelist.WhitelistPlugin.shouldOpenExternalUrl(WhitelistPlugin.java:132)
03-17 13:46:47.400 14000-14000/? W/System.err:     at org.apache.cordova.PluginManager.shouldOpenExternalUrl(PluginManager.java:432)
03-17 13:46:47.400 14000-14000/? W/System.err:     at org.apache.cordova.CordovaWebViewImpl$EngineClient.onNavigationAttempt(CordovaWebViewImpl.java:605)
03-17 13:46:47.400 14000-14000/? W/System.err:     at org.apache.cordova.engine.SystemWebViewClient.shouldOverrideUrlLoading(SystemWebViewClient.java:79)
03-17 13:46:47.400 14000-14000/? W/System.err:     at com.android.webview.chromium.WebViewContentsClientAdapter.shouldOverrideUrlLoading(WebViewContentsClientAdapter.java:336)
03-17 13:46:47.400 14000-14000/? W/System.err:     at org.chromium.android_webview.AwContentsClient.shouldIgnoreNavigation(AwContentsClient.java:168)
03-17 13:46:47.400 14000-14000/? W/System.err:     at org.chromium.android_webview.AwContentsClientBridge.shouldOverrideUrlLoading(AwContentsClientBridge.java:265)
03-17 13:46:47.400 14000-14000/? W/System.err:     at org.chromium.base.SystemMessageHandler.nativeDoRunLoopOnce(Native Method)
03-17 13:46:47.400 14000-14000/? W/System.err:     at org.chromium.base.SystemMessageHandler.handleMessage(SystemMessageHandler.java:39)
03-17 13:46:47.401 14000-14000/? W/System.err:     at android.os.Handler.dispatchMessage(Handler.java:102)
03-17 13:46:47.401 14000-14000/? W/System.err:     at android.os.Looper.loop(Looper.java:135)
03-17 13:46:47.401 14000-14000/? W/System.err:     at android.app.ActivityThread.main(ActivityThread.java:5254)
03-17 13:46:47.401 14000-14000/? W/System.err:     at java.lang.reflect.Method.invoke(Native Method)
03-17 13:46:47.401 14000-14000/? W/System.err:     at java.lang.reflect.Method.invoke(Method.java:372)
03-17 13:46:47.401 14000-14000/? W/System.err:     at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:903)
03-17 13:46:47.401 14000-14000/? W/System.err:     at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:698){noformat}

Whitelist host is correct, so that got parsed correctly, but the Uri host is not correct, it is null. We try to call host.matcher(null).matches with a null object and therefore got the NPE. 

Working backwards from here, the issue stems from Android's Uri class parsing the URL. At [Line 158|https://github.com/apache/cordova-android/blob/master/framework/src/org/apache/cordova/Whitelist.java#L158] of Whitelist.java, we call:
{code}Uri parsedUri = Uri.parse(uri);{code}
Using the debugger, once the uri gets parsed, you'll see that the value of 'host' is 'NOT_CACHED'. This is the part where I got lost in Android Uri class because it's hard to debug there.

The conclusion that I came to is that Android's Uri class doesn't parse 'host' correctly, but does parse 'scheme' correctly. I also tested market: URL and that has the same behavior. 

Android's definition of 'host' is probably different from Cordova's definition of 'host' so we should try to use something other than the Uri class to parse the URL. Android's definition of 'host' is probably parsed to a ':' 
I can try to work on a solution to not use the Uri class to parse. 

  was:
In config.xml when I whitelist specific non http or https URLs such as 
{code}<allow-intent href="mailto:ktop500@gmail.com" />{code}
and in index.html I add a link with that specific URL, 
{code}<a href="mailto:ktop500@gmail.com">mailto link</a>{code}
I cannot access the link when I run the application. If I change the allow-intent to use a wildcard, *, I can get it to work. 
{code}<allow-intent href="mailto:*" />{code}

The expected behavior is that I should be able to specify an exact URL in the whitelist, but I am not able to. I investigated the Whitelist plugin and Whitelist.java in cordova-android and I found the issue. 

First I looked at the whitelist itself. URLs from config.xml are added to the whitelist correctly. No problems here. 

Next I looked at how the URL from index.html is being compared to the whitelist. I traced through with the Android Studio debugger and found this:

At [Line 85|https://github.com/apache/cordova-android/blob/master/framework/src/org/apache/cordova/Whitelist.java#L85] of Whitelist.java in cordova-android, there is actually a NullPointerException happening, but it didn't get printed out with the Log :( (this needs to be fixed). I made some modifications to Whitelist.java so that the stack trace gets printed out, along with with values of 'host'. 
{noformat}
03-17 13:46:47.399 14000-14000/? I/System.out: uri scheme: mailto
03-17 13:46:47.399 14000-14000/? I/System.out: whitelist scheme: mailto
03-17 13:46:47.399 14000-14000/? I/System.out: uri host: null
03-17 13:46:47.399 14000-14000/? I/System.out: whitelist host: ktop500@gmail\.com
03-17 13:46:47.400 14000-14000/? W/System.err: java.lang.NullPointerException: Attempt to invoke interface method 'int java.lang.CharSequence.length()' on a null object reference
03-17 13:46:47.400 14000-14000/? W/System.err:     at java.util.regex.Matcher.reset(Matcher.java:177)
03-17 13:46:47.400 14000-14000/? W/System.err:     at java.util.regex.Matcher.<init>(Matcher.java:90)
03-17 13:46:47.400 14000-14000/? W/System.err:     at java.util.regex.Pattern.matcher(Pattern.java:297)
03-17 13:46:47.400 14000-14000/? W/System.err:     at org.apache.cordova.Whitelist$URLPattern.matches(Whitelist.java:88)
03-17 13:46:47.400 14000-14000/? W/System.err:     at org.apache.cordova.Whitelist.isUrlWhiteListed(Whitelist.java:168)
03-17 13:46:47.400 14000-14000/? W/System.err:     at org.apache.cordova.whitelist.WhitelistPlugin.shouldOpenExternalUrl(WhitelistPlugin.java:132)
03-17 13:46:47.400 14000-14000/? W/System.err:     at org.apache.cordova.PluginManager.shouldOpenExternalUrl(PluginManager.java:432)
03-17 13:46:47.400 14000-14000/? W/System.err:     at org.apache.cordova.CordovaWebViewImpl$EngineClient.onNavigationAttempt(CordovaWebViewImpl.java:605)
03-17 13:46:47.400 14000-14000/? W/System.err:     at org.apache.cordova.engine.SystemWebViewClient.shouldOverrideUrlLoading(SystemWebViewClient.java:79)
03-17 13:46:47.400 14000-14000/? W/System.err:     at com.android.webview.chromium.WebViewContentsClientAdapter.shouldOverrideUrlLoading(WebViewContentsClientAdapter.java:336)
03-17 13:46:47.400 14000-14000/? W/System.err:     at org.chromium.android_webview.AwContentsClient.shouldIgnoreNavigation(AwContentsClient.java:168)
03-17 13:46:47.400 14000-14000/? W/System.err:     at org.chromium.android_webview.AwContentsClientBridge.shouldOverrideUrlLoading(AwContentsClientBridge.java:265)
03-17 13:46:47.400 14000-14000/? W/System.err:     at org.chromium.base.SystemMessageHandler.nativeDoRunLoopOnce(Native Method)
03-17 13:46:47.400 14000-14000/? W/System.err:     at org.chromium.base.SystemMessageHandler.handleMessage(SystemMessageHandler.java:39)
03-17 13:46:47.401 14000-14000/? W/System.err:     at android.os.Handler.dispatchMessage(Handler.java:102)
03-17 13:46:47.401 14000-14000/? W/System.err:     at android.os.Looper.loop(Looper.java:135)
03-17 13:46:47.401 14000-14000/? W/System.err:     at android.app.ActivityThread.main(ActivityThread.java:5254)
03-17 13:46:47.401 14000-14000/? W/System.err:     at java.lang.reflect.Method.invoke(Native Method)
03-17 13:46:47.401 14000-14000/? W/System.err:     at java.lang.reflect.Method.invoke(Method.java:372)
03-17 13:46:47.401 14000-14000/? W/System.err:     at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:903)
03-17 13:46:47.401 14000-14000/? W/System.err:     at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:698){noformat}

Whitelist host is correct, so that got parsed correctly, but the Uri host is not correct, it is null. We try to call host.matcher(null).matches with a null object and therefore got the NPE. 

Working backwards from here, the issue stems from Android's Uri class parsing the URL. At [Line 158|https://github.com/apache/cordova-android/blob/master/framework/src/org/apache/cordova/Whitelist.java#L158] of Whitelist.java, we call:
{code}Uri parsedUri = Uri.parse(uri);{code}
Using the debugger, once the uri gets parsed, you'll see that the value of 'host' is 'NOT_CACHED'. This is the part where I got lost in Android Uri class because it's hard to debug there.

The conclusion that I came to is that Android's Uri class doesn't parse 'host' correctly, but does parse 'scheme' correctly. I also tested market: URL and that has the same behavior. 

I can try to work on a solution to this so that we don't have to use the Uri class, but we should probably open a bug against Google. 


> Cannot access specific non http or https URLs that are Whitelisted
> ------------------------------------------------------------------
>
>                 Key: CB-10897
>                 URL: https://issues.apache.org/jira/browse/CB-10897
>             Project: Apache Cordova
>          Issue Type: Bug
>          Components: Android, Plugin Whitelist
>    Affects Versions: Master
>         Environment: cordova-android 5.1.1
>            Reporter: Karen Tran
>              Labels: android, whitelist
>             Fix For: Master
>
>
> In config.xml when I whitelist specific non http or https URLs such as 
> {code}<allow-intent href="mailto:ktop500@gmail.com" />{code}
> and in index.html I add a link with that specific URL, 
> {code}<a href="mailto:ktop500@gmail.com">mailto link</a>{code}
> I cannot access the link when I run the application. If I change the allow-intent to use a wildcard, *, I can get it to work. 
> {code}<allow-intent href="mailto:*" />{code}
> The expected behavior is that I should be able to specify an exact URL in the whitelist, but I am not able to. I investigated the Whitelist plugin and Whitelist.java in cordova-android and I found the issue. 
> First I looked at the whitelist itself. URLs from config.xml are added to the whitelist correctly. No problems here. 
> Next I looked at how the URL from index.html is being compared to the whitelist. I traced through with the Android Studio debugger and found this:
> At [Line 85|https://github.com/apache/cordova-android/blob/master/framework/src/org/apache/cordova/Whitelist.java#L85] of Whitelist.java in cordova-android, there is actually a NullPointerException happening, but it didn't get printed out with the Log :( (this needs to be fixed). I made some modifications to Whitelist.java so that the stack trace gets printed out, along with with values of 'host'. 
> {noformat}
> 03-17 13:46:47.399 14000-14000/? I/System.out: uri scheme: mailto
> 03-17 13:46:47.399 14000-14000/? I/System.out: whitelist scheme: mailto
> 03-17 13:46:47.399 14000-14000/? I/System.out: uri host: null
> 03-17 13:46:47.399 14000-14000/? I/System.out: whitelist host: ktop500@gmail\.com
> 03-17 13:46:47.400 14000-14000/? W/System.err: java.lang.NullPointerException: Attempt to invoke interface method 'int java.lang.CharSequence.length()' on a null object reference
> 03-17 13:46:47.400 14000-14000/? W/System.err:     at java.util.regex.Matcher.reset(Matcher.java:177)
> 03-17 13:46:47.400 14000-14000/? W/System.err:     at java.util.regex.Matcher.<init>(Matcher.java:90)
> 03-17 13:46:47.400 14000-14000/? W/System.err:     at java.util.regex.Pattern.matcher(Pattern.java:297)
> 03-17 13:46:47.400 14000-14000/? W/System.err:     at org.apache.cordova.Whitelist$URLPattern.matches(Whitelist.java:88)
> 03-17 13:46:47.400 14000-14000/? W/System.err:     at org.apache.cordova.Whitelist.isUrlWhiteListed(Whitelist.java:168)
> 03-17 13:46:47.400 14000-14000/? W/System.err:     at org.apache.cordova.whitelist.WhitelistPlugin.shouldOpenExternalUrl(WhitelistPlugin.java:132)
> 03-17 13:46:47.400 14000-14000/? W/System.err:     at org.apache.cordova.PluginManager.shouldOpenExternalUrl(PluginManager.java:432)
> 03-17 13:46:47.400 14000-14000/? W/System.err:     at org.apache.cordova.CordovaWebViewImpl$EngineClient.onNavigationAttempt(CordovaWebViewImpl.java:605)
> 03-17 13:46:47.400 14000-14000/? W/System.err:     at org.apache.cordova.engine.SystemWebViewClient.shouldOverrideUrlLoading(SystemWebViewClient.java:79)
> 03-17 13:46:47.400 14000-14000/? W/System.err:     at com.android.webview.chromium.WebViewContentsClientAdapter.shouldOverrideUrlLoading(WebViewContentsClientAdapter.java:336)
> 03-17 13:46:47.400 14000-14000/? W/System.err:     at org.chromium.android_webview.AwContentsClient.shouldIgnoreNavigation(AwContentsClient.java:168)
> 03-17 13:46:47.400 14000-14000/? W/System.err:     at org.chromium.android_webview.AwContentsClientBridge.shouldOverrideUrlLoading(AwContentsClientBridge.java:265)
> 03-17 13:46:47.400 14000-14000/? W/System.err:     at org.chromium.base.SystemMessageHandler.nativeDoRunLoopOnce(Native Method)
> 03-17 13:46:47.400 14000-14000/? W/System.err:     at org.chromium.base.SystemMessageHandler.handleMessage(SystemMessageHandler.java:39)
> 03-17 13:46:47.401 14000-14000/? W/System.err:     at android.os.Handler.dispatchMessage(Handler.java:102)
> 03-17 13:46:47.401 14000-14000/? W/System.err:     at android.os.Looper.loop(Looper.java:135)
> 03-17 13:46:47.401 14000-14000/? W/System.err:     at android.app.ActivityThread.main(ActivityThread.java:5254)
> 03-17 13:46:47.401 14000-14000/? W/System.err:     at java.lang.reflect.Method.invoke(Native Method)
> 03-17 13:46:47.401 14000-14000/? W/System.err:     at java.lang.reflect.Method.invoke(Method.java:372)
> 03-17 13:46:47.401 14000-14000/? W/System.err:     at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:903)
> 03-17 13:46:47.401 14000-14000/? W/System.err:     at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:698){noformat}
> Whitelist host is correct, so that got parsed correctly, but the Uri host is not correct, it is null. We try to call host.matcher(null).matches with a null object and therefore got the NPE. 
> Working backwards from here, the issue stems from Android's Uri class parsing the URL. At [Line 158|https://github.com/apache/cordova-android/blob/master/framework/src/org/apache/cordova/Whitelist.java#L158] of Whitelist.java, we call:
> {code}Uri parsedUri = Uri.parse(uri);{code}
> Using the debugger, once the uri gets parsed, you'll see that the value of 'host' is 'NOT_CACHED'. This is the part where I got lost in Android Uri class because it's hard to debug there.
> The conclusion that I came to is that Android's Uri class doesn't parse 'host' correctly, but does parse 'scheme' correctly. I also tested market: URL and that has the same behavior. 
> Android's definition of 'host' is probably different from Cordova's definition of 'host' so we should try to use something other than the Uri class to parse the URL. Android's definition of 'host' is probably parsed to a ':' 
> I can try to work on a solution to not use the Uri class to parse. 


--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org