Return-Path: 
 <callback-dev-return-11372-apmail-incubator-callback-dev-archive=incubator.apache.org@incubator.apache.org>
X-Original-To: apmail-incubator-callback-dev-archive@minotaur.apache.org
Delivered-To: apmail-incubator-callback-dev-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 17547D3DB
	for <apmail-incubator-callback-dev-archive@minotaur.apache.org>;
 Tue,  7 Aug 2012 23:44:41 +0000 (UTC)
Received: (qmail 50702 invoked by uid 500); 7 Aug 2012 23:44:40 -0000
Delivered-To: apmail-incubator-callback-dev-archive@incubator.apache.org
Received: (qmail 50678 invoked by uid 500); 7 Aug 2012 23:44:40 -0000
Mailing-List: contact callback-dev-help@incubator.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:callback-dev-help@incubator.apache.org>
List-Unsubscribe: <mailto:callback-dev-unsubscribe@incubator.apache.org>
List-Post: <mailto:callback-dev@incubator.apache.org>
List-Id: <callback-dev.incubator.apache.org>
Reply-To: callback-dev@incubator.apache.org
Delivered-To: mailing list callback-dev@incubator.apache.org
Received: (qmail 50665 invoked by uid 99); 7 Aug 2012 23:44:40 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 07 Aug 2012 23:44:40 +0000
X-ASF-Spam-Status: No, hits=-0.7 required=5.0
	tests=RCVD_IN_DNSWL_LOW,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of brian.leroux@gmail.com
 designates 209.85.215.175 as permitted sender)
Received: from [209.85.215.175] (HELO mail-ey0-f175.google.com)
 (209.85.215.175)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 07 Aug 2012 23:44:34 +0000
Received: by eaad12 with SMTP id d12so34462eaa.6
        for <callback-dev@incubator.apache.org>;
 Tue, 07 Aug 2012 16:44:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:sender:in-reply-to:references:date
         :x-google-sender-auth:message-id:subject:from:to:content-type;
        bh=8+2jaGHQ5xpO8loAQPCfLr890VZIHXLruHR8wh1tzlE=;
        b=GSbTlOy3CBACczsgGgQrW4ZsQSUzSUJea+UksNf0ZizWRr6hukBBQzJLnW4HwKBR1N
         so7pfYsDrNfcSwDbShYKZLtIJHggOz7DcEELaW6nBfDGs8q2jjPqDa3AI6Jv5GJALxXZ
         S1eXgNdtdiVcZXAai/59M5Rz9LW+/1nfVwWPXrtsqPXywKDQK/DrFsEHFs7gYenvXQCq
         aifLldU9MnhveWL4+PVZOB2SNTqPgyWGyIgttsmQkbzDhuJj3jRkV9RAQNjbzrT3NqPm
         klUKh8HnwujOS2vuZ6Q68Onx3A4JLiiYyujR9FpkMFVliTGgtqKfKMzzm+4ofdL9H6DX
         aYqw==
MIME-Version: 1.0
Received: by 10.14.179.71 with SMTP id g47mr20125128eem.21.1344383053988; Tue,
 07 Aug 2012 16:44:13 -0700 (PDT)
Sender: brian.leroux@gmail.com
Received: by 10.14.206.134 with HTTP; Tue, 7 Aug 2012 16:44:13 -0700 (PDT)
In-Reply-To: 
 <CAKP6k2uEo2wk6VCjFDjHhr_SjNs6GRy_v14NV--i0sv_qLwr8Q@mail.gmail.com>
References: <812916889958891609@unknownmsgid>
	<CADVgkyMVLgyZLE0_A31GY5BaABBVHxnKnp=Ge3pEQrG=Fpa8jQ@mail.gmail.com>
	<CAE6O_-Z8ADWC0eauvif5AbNFem_jCNLyJ3vGZVvk7WHnH5N6bw@mail.gmail.com>
	<CAE6O_-aWnfpmD9yfmEgT7oLk9b-d6O=qMSdd-Cp3Sti2rq9S_w@mail.gmail.com>
	<-2592107845858267218@unknownmsgid>
	<CAFnWYTn0LzWa61f_gWQ4eLQ4TS6gG98B8Nuus+XXmiCdUr_r9g@mail.gmail.com>
	<CAKP6k2uEo2wk6VCjFDjHhr_SjNs6GRy_v14NV--i0sv_qLwr8Q@mail.gmail.com>
Date: Tue, 7 Aug 2012 16:44:13 -0700
X-Google-Sender-Auth: WzenZ59Ie-t3k2fsM2u13b4SC20
Message-ID: 
 <CADVgkyM3DAXuXCjPL7to3Zb7NGu4NGod7S+MwPMD9OamXC4g6Q@mail.gmail.com>
Subject: Re: [DISCUSS] window.open target blank
From: Brian LeRoux <b@brian.io>
To: callback-dev@incubator.apache.org
Content-Type: text/plain; charset=ISO-8859-1

Jesse: I like it.

My personal take is the primary use case we want to fulfill is the
ability to see content in a browser. Unfortunately iOS this means
leaving the app context which isn't the best experience thus the need
for a ChildBrowser.

For this use case I do not see the need for access to the native
bridge. Maybe I'm missing something but would it not reduce the
complexity if the childbrowser had no bridge capability? is there a
drawback if this is the case? (Obv the system browser has no native
bridge.)

Also, we really should come up with a better name than 'Child Browser'. =/


On Tue, Aug 7, 2012 at 4:30 PM, Jesse <purplecabbage@gmail.com> wrote:
> Brion:
> Yes, this should be considered part of the API, the 'how' is yet to be
> defined, but apps need the ability to specifically target both the default
> system browser AND the ChildBrowser.
>
> ===
>
> Re: My Proposal, ( I have officially flipped ... )
>
> After writing/sending my proposal, I thought back to the origins of the
> ChildBrowser plugin.  Back when Shaz and I wrote it some 2+ years ago, the
> goal was to allow non-secure content to be loaded into the application
> without offering any chance of the app/dom being hijacked.  At the time,
> there was no whitelist, and all was fine.
>
> Now that we have a whitelist, I think we need to re-evaluate it's purpose.
>  IMHO the ChildBrowser should NOT be restricted to domains in the
> whitelist.  If you imagine attempting to develop a twitter clone, it would
> be impossible to display links in tweets unless you either, jumped out to
> the system browser, or had an allow * in the whitelist.  IMO this is a
> perfectly valid use case for building a phonegap app.
>
> Displaying content from ANY domain should be a perfectly acceptable
> practice.
> Running JS code inside the ChildBrowser from ANY domain should be
> acceptable as well. ( XHR cross-domain requests should continue to be
> governed by the security already present in the browser control itself )
> Mixing code/content from the internet domain with the app domain SHOULD be
> governed by the whitelist.
>
> The ChildBrowser already shields the app from unsafe internet code, in that
> it does NOT allow any of the APIs that phonegap does.  This is in harmony
> with the initial intent of the plugin, to safely display some content ...
> and not lose the app context.
>
> My adjusted proposal follows :
>
> 1. The security/whitelist checking should be adjusted to only apply to
> access attempts by the CDVViewController, and not the entire application. (
> not easy, I know Shaz, I can help )
> 2. If ChildBrowser is present, it should include code to intercept
> target._blank and polyfil window.open to its own API. (JS POC needed)
> 3. ChildBrowser should get an additional API to specifically target
> the system default browser. ( API details TBD )
>
> Cheers,
>   Jesse
>
>
>
>
> On Mon, Aug 6, 2012 at 4:55 PM, Brion Vibber <brion@pobox.com> wrote:
>
>> On Mon, Aug 6, 2012 at 3:52 PM, Jesse MacFadyen <purplecabbage@gmail.com
>> >wrote:
>>
>> > [PROPOSAL]
>> >
>> > 1. If a URL is not in the whitelist, it will be passed to the default
>> > system browser regardless of any other rule. ( this will be handled on
>> > the native side, by the framework and the JS side may not even know it
>> > has happened. )
>> >
>>
>> If the URL *is* in the whitelist, can we send it to the default system
>> browser too when calling window.open?
>>
>> For lots of our usage at Wikimedia, we need to whitelist Wikipedia sites in
>> order to do API calls via XHR (at least on iOS), but also want to be able
>> to open specific pages in the system browser.
>>
>> 2. If ChildBrowser is present, it should include code to intercept
>> > target._blank and polyfil window.open to its own API.
>> > 3. ChildBrowser should get an additional API to specifically target
>> > the system default browser.
>> >
>>
>> -- brion vibber (brion @ pobox.com / brion @ wikimedia.org)
>>
>
>
>
> --
> @purplecabbage
> risingj.com