cordova-issues mailing list archives

From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CB-11270) [QUESTION] Is whitelist intent filter working as intended?
Date Wed, 03 Aug 2016 22:21:20 GMT

    [ https://issues.apache.org/jira/browse/CB-11270?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15406722#comment-15406722 ]

ASF GitHub Bot commented on CB-11270:
-------------------------------------

Github user shazron commented on a diff in the pull request:

    https://github.com/apache/cordova-ios/pull/232#discussion_r73432421
  
    --- Diff: CordovaLib/Classes/Private/Plugins/CDVIntentAndNavigationFilter/CDVIntentAndNavigationFilter.m
---
    @@ -95,23 +95,33 @@ - (CDVIntentAndNavigationFilterValue) filterUrl:(NSURL*)url
         return [[self class] filterUrl:url intentsWhitelist:self.allowIntentsWhitelist navigationsWhitelist:self.allowNavigationsWhitelist];
     }
     
    -- (BOOL)shouldOverrideLoadWithRequest:(NSURLRequest*)request navigationType:(UIWebViewNavigationType)navigationType
    ++ (BOOL)shouldOpenURLRequest:(NSURLRequest*)request navigationType:(UIWebViewNavigationType)navigationType
    +{
    +    return (UIWebViewNavigationTypeLinkClicked == navigationType ||
    +        (UIWebViewNavigationTypeOther == navigationType &&
    +         [[request.mainDocumentURL absoluteString] isEqualToString:[request.URL absoluteString]]
    +         )
    +        );
    +}
    +
    ++ (BOOL)shouldOverrideLoadWithRequest:(NSURLRequest*)request navigationType:(UIWebViewNavigationType)navigationType
filterValue:(CDVIntentAndNavigationFilterValue)filterValue
     {
         NSString* allowIntents_whitelistRejectionFormatString = @"ERROR External navigation
rejected - <allow-intent> not set for url='%@'";
         NSString* allowNavigations_whitelistRejectionFormatString = @"ERROR Internal navigation
rejected - <allow-navigation> not set for url='%@'";
         
         NSURL* url = [request URL];
    -    CDVIntentAndNavigationFilterValue filterValue = [self filterUrl:url];
         
         switch (filterValue) {
             case CDVIntentAndNavigationFilterValueNavigationAllowed:
                 return YES;
             case CDVIntentAndNavigationFilterValueIntentAllowed:
    -            // only allow-intent if it's a UIWebViewNavigationTypeLinkClicked (anchor
tag)
    -            if (UIWebViewNavigationTypeLinkClicked == navigationType) {
    +            // only allow-intent if it's a UIWebViewNavigationTypeLinkClicked (anchor
tag) OR
    +            // it's a UIWebViewNavigationTypeOther, and it's an internal link
    +            if ([[self class] shouldOpenURLRequest:request navigationType:navigationType]){
                     [[UIApplication sharedApplication] openURL:url];
                 }
    -            // consume the request (i.e. no error) if it wasn't a UIWebViewNavigationTypeLinkClicked
    +            
    --- End diff --
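
Review bot: in shouldOpenURLRequest:navigationType:, the UIWebViewNavigationTypeOther branch tests whether request.mainDocumentURL equals request.URL, which identifies a top-level (main document) load, not "an internal link" as the new comment in the CDVIntentAndNavigationFilterValueIntentAllowed case describes it; the comment should be reworded to match the condition. Since UIWebViewNavigationTypeOther covers script-driven location changes (the document.location.href cases in the issue), openURL: is now reached for any top-level request that matches <allow-intent>, whether or not it came from an anchor click, so the new class method should carry a short doc comment stating that the <allow-intent> list is the only gate on this path. Two smaller points: the check compares absoluteString values, so it depends on both URLs being serialized identically, and since shouldOverrideLoadWithRequest:navigationType:filterValue: no longer computes filterValue itself, its header should document that callers must pass the result of filterUrl: for the same request.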
    
    Returning NO here signals to the WebView that it should not load the URL inside itself, so it is correct in this context since we open the URL externally.


> [QUESTION] Is whitelist intent filter working as intended?
> ----------------------------------------------------------
>
>                 Key: CB-11270
>                 URL: https://issues.apache.org/jira/browse/CB-11270
>             Project: Apache Cordova
>          Issue Type: Improvement
>          Components: iOS
>            Reporter: Tony Homer
>            Assignee: Shazron Abdullah
>
> In 3.8.0, given an intent directive like 
> {code}
> <allow-intent href="tel:*" />
> {code}
> , interacting with any of the following elements would result in tel: requests that would all be allowed:
> {code}
> <a id="tel-button" href="tel:777777777">do tel with a.href</a>
> <a id="tel-a-onclick" onclick="document.location.href='tel:777777777';">do tel with a.onclick</a>
> <button id="tel-button" onclick="document.location.href='tel:777777777';">do tel with button.onclick</button>
> {code}
> However, in 4.1.1, only the first interaction will be allowed.
> This is because intent directives are only applied to the UIWebViewNavigationTypeLinkClicked navigationType (the navigationType for the second and third examples is UIWebViewNavigationTypeOther).
> Is this working as intended?
> It seems that either the whitelist intent filter in 4+ is not working as intended or, if working as intended, the documentation should be improved to spell out this case.


