incubator-callback-dev mailing list archives

From "Andrew Grieve (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CB-1412) iOS Whitelist is never used, all urls will pass the whitelist
Date Wed, 12 Sep 2012 13:01:07 GMT

    [ https://issues.apache.org/jira/browse/CB-1412?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13453969#comment-13453969 ]

Andrew Grieve commented on CB-1412:
-----------------------------------

Whoops, nice catch. Was this caught by a mobile-spec test?

I don't think the note in there about using the vc header to distinguish webviews will work.
That header exists only when it is set explicitly by the exec() xhr. Maybe we could use the
referrer header. Not sure.
                
> iOS Whitelist is never used, all urls will pass the whitelist
> -------------------------------------------------------------
>
>                 Key: CB-1412
>                 URL: https://issues.apache.org/jira/browse/CB-1412
>             Project: Apache Cordova
>          Issue Type: Bug
>          Components: iOS
>    Affects Versions: 2.1.0
>            Reporter: Shazron Abdullah
>            Assignee: Shazron Abdullah
>            Priority: Blocker
>             Fix For: 2.1.0
>
>
> The line here: https://github.com/apache/incubator-cordova-ios/blob/fdf8043414e39914ffc29b682779a10fe1c147e7/CordovaLib/Classes/CDVURLProtocol.m#L87
> ... the whitelist object is nil, which will return false for the condition, allowing
> the bypass.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
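
The failure mode described in the report, as an added Objective-C example that is not Cordova's code or part of the original message: a message sent to a nil object returns NO, so a check that asks the whitelist whether a URL is rejected never blocks anything when the whitelist is nil. `DemoWhitelist`, its methods, both helper functions and the hosts are hypothetical, and the shape of the original condition is an assumption.

```objective-c
#import <Foundation/Foundation.h>

// Hypothetical stand-in for a whitelist class; not Cordova's own class.
@interface DemoWhitelist : NSObject
@property (nonatomic, copy) NSSet *allowedHosts;
- (BOOL)isAllowed:(NSURL *)url;
- (BOOL)isRejected:(NSURL *)url;
@end

@implementation DemoWhitelist
- (BOOL)isAllowed:(NSURL *)url {
    return url.host != nil && [self.allowedHosts containsObject:url.host];
}
- (BOOL)isRejected:(NSURL *)url { return ![self isAllowed:url]; }
@end

// Fail-open (assumed shape of the bug): a message to nil returns NO, so
// "is it rejected?" is NO and nothing is blocked when the whitelist is nil.
static BOOL shouldBlockFailOpen(DemoWhitelist *wl, NSURL *url) {
    return [wl isRejected:url];
}

// Fail-closed: block unless a real whitelist object positively allows the URL.
static BOOL shouldBlockFailClosed(DemoWhitelist *wl, NSURL *url) {
    if (wl == nil) {
        return YES; // a missing policy object means deny, not allow
    }
    return ![wl isAllowed:url];
}

int main(void) {
    @autoreleasepool {
        // Constructed sample URL and hosts.
        NSURL *url = [NSURL URLWithString:@"https://untrusted.example/x"];
        DemoWhitelist *missing = nil; // models the nil whitelist in the report
        DemoWhitelist *real = [DemoWhitelist new];
        real.allowedHosts = [NSSet setWithObject:@"trusted.example"];

        NSLog(@"nil whitelist,  fail-open blocks:   %d", shouldBlockFailOpen(missing, url));
        NSLog(@"nil whitelist,  fail-closed blocks: %d", shouldBlockFailClosed(missing, url));
        NSLog(@"real whitelist, fail-open blocks:   %d", shouldBlockFailOpen(real, url));
        NSLog(@"real whitelist, fail-closed blocks: %d", shouldBlockFailClosed(real, url));
    }
    return 0;
}
```

With a real whitelist both helpers agree; only the nil case separates them, which is why a test suite that always constructs the whitelist would not notice the difference.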
