You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cordova.apache.org by "VERGNES Denis (JIRA)" <ji...@apache.org> on 2013/04/25 11:04:15 UTC

[jira] [Commented] (CB-2099) Android whitelisting only blocks documents, not resources

    [ https://issues.apache.org/jira/browse/CB-2099?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13641583#comment-13641583 ] 

VERGNES Denis commented on CB-2099:
-----------------------------------

Concerning this bug, I need your insights. In my application, I am loading some images from Facebook and others websites. Before the patch to fix this issue I can load them without trouble but now I can't. For sure you can argue I can add domains of others websites inside my white list to make it work again. The thing is I don't want my application becomes dependent from the way other websites deploy their images because currently every time they decide to change the domain to server their images then I have to update my application which is not so convenient.
For sure I can override the shouldInterceptUrl and remove the check you have added but then what will be the impact on the security? Do you have any advice to resolve my problem?
                
> Android whitelisting only blocks documents, not resources
> ---------------------------------------------------------
>
>                 Key: CB-2099
>                 URL: https://issues.apache.org/jira/browse/CB-2099
>             Project: Apache Cordova
>          Issue Type: Bug
>          Components: Android
>    Affects Versions: 2.2.0
>            Reporter: manjula fernando
>            Assignee: Joe Bowser
>
> The Domain Whitelisting in Android works only for the href links, but not for the embedded resources (images, javascripts). If link is not whitelisted it gets opened in a new instance of native browser rather than blocking it completely. But in iOS it blocks all non-whitelisted domains. Please let me know whether this is the expected behavior in whitelisting for Android?. If so, has this been identified as a known issue and planning to be fixed in future release? Appreciate your early response on this.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira