incubator-callback-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Shazron Abdullah (Commented) (JIRA)" <>
Subject [jira] [Commented] (CB-94) OpenAllWhitelistURLsInWebView setting still problematic
Date Tue, 29 Nov 2011 23:41:40 GMT


Shazron Abdullah commented on CB-94:

by: (2011-11-22T15:48:08Z)

Dear Dev Team

This is a good feature for Callback. Not all white-listed link have to be opened in Webview
while not all should be opened in Safari. It is good to have this kind of flexibility in plist



by: (2011-11-24T13:20:22Z)

I would like to provide some feedback on this too, I just spent a couple of days wrestling
with the iframe thing and this solution is not really workable for my use case.  I think the
root of the problem is that whitelisted hosts used in an iframe still get pushed out to safari
because the mainDocumentURL for an iframe is not nil.  The comment in the code (PhoneGapDelegate.m
around line 693) says it will be nil for an iframe - its not (at least not anymore). Commit provides
a bypass mechanism but that causes problems if you want to whitelist a domain for loading
an iframe but don't necessarily want all activity in that domain to be whitelisted (i.e. a
tags with target _blank should still go to safari).  My specific example is that I am trying
to use the google maps api and to do so I need to whitelist because I am calling
a web service rooted at  However, the terms of service link embedded
in the google map links to  I also have a separate iframe that
goes to another url.  If I enable this option to allow the iframe to load then the terms of
service link opens inside my web view despite having a target _blank and I have no control
to get back to the app.  If I disable the option, the links work but the iframe doesn't.

For the specific problem of not being able to load iframes inline, I think a better solution
would be to allow whitelisting of specific URLs - not just domains - and that these URLs would
bypass the mainDocumentURL test.  If you are designing an app that needs to use iframes for
some legitimate reason, you probably know or can trace the exact urls that need to be whitelisted.
 Perhaps these could be tracked in a separate plist key as well to make it clear what they

by: (2011-11-24T13:32:20Z)

I should add that the solution that I arrived at was very simply to return YES in my AppDelegate
webView: shouldStartLoadWithRequest: navigationType: method if the url matches my iframe source
rather than calling super.

> OpenAllWhitelistURLsInWebView setting still problematic
> -------------------------------------------------------
>                 Key: CB-94
>                 URL:
>             Project: Apache Callback
>          Issue Type: Bug
>          Components: iOS
>            Reporter: Shazron Abdullah
>            Assignee: Shazron Abdullah
> The good news: OpenThisWhitelistURLsInWebView works perfectly. 
> The not so good news: Once that boolean is set to yes, there is no way to force a link
to jump out and open in a browser. It's all or nothing. How, in the case of an app requiring
OpenAllWhitelistURLsInWebView = Yes for some pages, can you also force a particular link to
open outside of the in-app webview?
> In practice, it would be nice (and fairly universally useful) to be able to specify whether
a link's behavior does or does not open in webview on an individual basis. For example in
the same app you have some embed or iframe links that should be opened in the app's webview,
and, other links on a FB or twitter badge to jump out to follow or to "like" a page, or "if
you like this app, click here to jump to our website to find out more" types of links.
> Maybe it is as simple as using target="_blank" inside an < a> tag to signify jumping
out of the app and opening in a browser?
> or maybe this scheme as an expected behavior ...
> If the OpenAllWhitelistURLsInWevView boolean is set to YES,
> then,
> any external links in the whitelist (ExternalHosts array) will open up in WebView.
> Inversely,
> any external links NOT on the whitelist will open externally.
> Thoughts?

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:!default.jspa
For more information on JIRA, see:


View raw message