You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cordova.apache.org by ma...@apache.org on 2014/09/24 01:17:57 UTC
docs commit: CB-7623 properly escape the xml examples
Repository: cordova-docs
Updated Branches:
refs/heads/master f6a38e4a4 -> fc69d715a
CB-7623 properly escape the xml examples
Project: http://git-wip-us.apache.org/repos/asf/cordova-docs/repo
Commit: http://git-wip-us.apache.org/repos/asf/cordova-docs/commit/fc69d715
Tree: http://git-wip-us.apache.org/repos/asf/cordova-docs/tree/fc69d715
Diff: http://git-wip-us.apache.org/repos/asf/cordova-docs/diff/fc69d715
Branch: refs/heads/master
Commit: fc69d715a50e45a7b4f0540a46162f0af4efa5fe
Parents: f6a38e4
Author: Marcel Kinard <cm...@gmail.com>
Authored: Tue Sep 23 19:17:08 2014 -0400
Committer: Marcel Kinard <cm...@gmail.com>
Committed: Tue Sep 23 19:17:08 2014 -0400
----------------------------------------------------------------------
docs/en/3.6.0/guide/appdev/whitelist/index.md | 16 ++++++++--------
docs/en/edge/guide/appdev/whitelist/index.md | 16 ++++++++--------
2 files changed, 16 insertions(+), 16 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cordova-docs/blob/fc69d715/docs/en/3.6.0/guide/appdev/whitelist/index.md
----------------------------------------------------------------------
diff --git a/docs/en/3.6.0/guide/appdev/whitelist/index.md b/docs/en/3.6.0/guide/appdev/whitelist/index.md
index bfc05c7..6c73525 100644
--- a/docs/en/3.6.0/guide/appdev/whitelist/index.md
+++ b/docs/en/3.6.0/guide/appdev/whitelist/index.md
@@ -94,37 +94,37 @@ On older versions of Android, it may not be possible to restrict them.
Cordova 3.6.0 introduces a second whitelist, for restricting which URLs
are allowed to launch external applications. In previous versions of
Cordova, all non-http URLs, such as `mailto:`, `geo:`, `sms:` and `intent`,
-were implicitly allowed to be the target of a an <a> tag. Because of the
+were implicitly allowed to be the target of an <a> tag. Because of the
potential for an application to leak information, if an XSS vulnerability
allows an attacker to construct arbitrary links, these URLs must be
whitelisted as well, starting in Cordova 3.6.0.
-To allow a URL pattern to launch an external application, use an <access>
+To allow a URL pattern to launch an external application, use an <access>
tag in your `config.xml` file, with the `launch-external` attribute set.
Examples:
* To allow links to send SMS messages:
- <access origin="sms:*" launch-external="yes" />
+ <access origin="sms:*" launch-external="yes" />
* To allow links to open Maps:
- <access origin="geo:*" launch-external="yes" />
+ <access origin="geo:*" launch-external="yes" />
* To allow links to example.com to open in an external browser:
- <access origin="http://example.com/*" launch-external="yes" />
+ <access origin="http://example.com/*" launch-external="yes" />
* To allow all non-whitelisted websites to open in an external browser:
(This is the same as the previous behaviour for non-whitelisted URLs)
- <access origin="http://*" launch-external="yes" />
- <access origin="https://*" launch-external="yes" />
+ <access origin="http://*" launch-external="yes" />
+ <access origin="https://*" launch-external="yes" />
* To allow access to all URLs, reverting to the Cordova 3.5.0 policy (not recommended):
- <access origin="*" launch-external="yes" />
+ <access origin="*" launch-external="yes" />
When navigating to a URL from within your application, the interal whitelist
is tested first, and if the URL is not whitelisted there, then the external
http://git-wip-us.apache.org/repos/asf/cordova-docs/blob/fc69d715/docs/en/edge/guide/appdev/whitelist/index.md
----------------------------------------------------------------------
diff --git a/docs/en/edge/guide/appdev/whitelist/index.md b/docs/en/edge/guide/appdev/whitelist/index.md
index bfc05c7..6c73525 100644
--- a/docs/en/edge/guide/appdev/whitelist/index.md
+++ b/docs/en/edge/guide/appdev/whitelist/index.md
@@ -94,37 +94,37 @@ On older versions of Android, it may not be possible to restrict them.
Cordova 3.6.0 introduces a second whitelist, for restricting which URLs
are allowed to launch external applications. In previous versions of
Cordova, all non-http URLs, such as `mailto:`, `geo:`, `sms:` and `intent`,
-were implicitly allowed to be the target of a an <a> tag. Because of the
+were implicitly allowed to be the target of an <a> tag. Because of the
potential for an application to leak information, if an XSS vulnerability
allows an attacker to construct arbitrary links, these URLs must be
whitelisted as well, starting in Cordova 3.6.0.
-To allow a URL pattern to launch an external application, use an <access>
+To allow a URL pattern to launch an external application, use an <access>
tag in your `config.xml` file, with the `launch-external` attribute set.
Examples:
* To allow links to send SMS messages:
- <access origin="sms:*" launch-external="yes" />
+ <access origin="sms:*" launch-external="yes" />
* To allow links to open Maps:
- <access origin="geo:*" launch-external="yes" />
+ <access origin="geo:*" launch-external="yes" />
* To allow links to example.com to open in an external browser:
- <access origin="http://example.com/*" launch-external="yes" />
+ <access origin="http://example.com/*" launch-external="yes" />
* To allow all non-whitelisted websites to open in an external browser:
(This is the same as the previous behaviour for non-whitelisted URLs)
- <access origin="http://*" launch-external="yes" />
- <access origin="https://*" launch-external="yes" />
+ <access origin="http://*" launch-external="yes" />
+ <access origin="https://*" launch-external="yes" />
* To allow access to all URLs, reverting to the Cordova 3.5.0 policy (not recommended):
- <access origin="*" launch-external="yes" />
+ <access origin="*" launch-external="yes" />
When navigating to a URL from within your application, the interal whitelist
is tested first, and if the URL is not whitelisted there, then the external