incubator-callback-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joe Bowser (Created) (JIRA)" <>
Subject [jira] [Created] (CB-343) FileTransfer Download does NOT respect WhiteList
Date Thu, 15 Mar 2012 23:14:37 GMT
FileTransfer Download does NOT respect WhiteList

                 Key: CB-343
             Project: Apache Callback
          Issue Type: Bug
          Components: Android
    Affects Versions: 1.5.0
            Reporter: Joe Bowser
            Assignee: Joe Bowser
            Priority: Blocker
             Fix For: 1.6.0

Steps to reproduce:
1. Use Download API Example to download from a site not on the whitelist

This should fail

What happens:
This works! The URL isn't checked against the whitelist.  This allows for any 3rd-Party Javascript
to be pulled onto the local FS and then executed from arbitrary domains.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:!default.jspa
For more information on JIRA, see:


View raw message