You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cordova.apache.org by "Kevin Christopher Henry (JIRA)" <ji...@apache.org> on 2016/08/28 22:01:20 UTC

[jira] [Updated] (CB-11782) Dangerous incompatibilities with browser platform

     [ https://issues.apache.org/jira/browse/CB-11782?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kevin Christopher Henry updated CB-11782:
-----------------------------------------
    Description: 
The browser platform, reflecting the limitations of {{window.confirm()}} and {{window.prompt()}}, doesn't allow customization of the button labels. That's fine.

However, it blithely triggers the callback with hardcoded button values of {{1}} for OK and {{2}} for Cancel. That's dangerous, because the developer may have assigned different labels for those buttons.

For example, if the developer reverses the order of the Cancel and OK buttons (and therefore interprets the button index differently in the callback), the browser platform version will end up calling the OK callback when the user presses Cancel, which could lead to data loss and other serious problems.

One solution would be to document the limitations of the browser platform, and then fail fast (i.e. refuse to show the dialog) if the caller tries to pass custom button labels.

  was:
The browser platform, reflecting the limitations of {{window.confirm()}} and {{window.prompt()}}, doesn't allow customization of the button labels. That's fine.

However, it blithely triggers the callback with hardcoded button values of {{1}} for OK and {{2}} for Cancel. That's dangerous, because the developer may have assigned different labels for those buttons.

For example, if the developer reverses the order of the Cancel and OK buttons (and therefore interprets the button index differently in the callback), the browser platform version will end up calling the OK callback when the user presses Cancel, which could lead to data loss and other serious problems.

One solution would be to document the limitations of the browser platform, and and then fail fast (i.e. refuse to show the dialog) if the caller tries to pass custom button labels.


> Dangerous incompatibilities with browser platform
> -------------------------------------------------
>
>                 Key: CB-11782
>                 URL: https://issues.apache.org/jira/browse/CB-11782
>             Project: Apache Cordova
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Plugin Dialogs
>            Reporter: Kevin Christopher Henry
>
> The browser platform, reflecting the limitations of {{window.confirm()}} and {{window.prompt()}}, doesn't allow customization of the button labels. That's fine.
> However, it blithely triggers the callback with hardcoded button values of {{1}} for OK and {{2}} for Cancel. That's dangerous, because the developer may have assigned different labels for those buttons.
> For example, if the developer reverses the order of the Cancel and OK buttons (and therefore interprets the button index differently in the callback), the browser platform version will end up calling the OK callback when the user presses Cancel, which could lead to data loss and other serious problems.
> One solution would be to document the limitations of the browser platform, and then fail fast (i.e. refuse to show the dialog) if the caller tries to pass custom button labels.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org