You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cordova.apache.org by ag...@apache.org on 2015/02/19 16:07:39 UTC

android commit: Remove explicit whitelisting of content: in CordovaBridge

Repository: cordova-android
Updated Branches:
  refs/heads/master f1d4c0119 -> 11d6b8029


Remove explicit whitelisting of content: in CordovaBridge

It was redundant since we now check if the URL should be allowed to
be navigated to.


Project: http://git-wip-us.apache.org/repos/asf/cordova-android/repo
Commit: http://git-wip-us.apache.org/repos/asf/cordova-android/commit/11d6b802
Tree: http://git-wip-us.apache.org/repos/asf/cordova-android/tree/11d6b802
Diff: http://git-wip-us.apache.org/repos/asf/cordova-android/diff/11d6b802

Branch: refs/heads/master
Commit: 11d6b8029f8e67b00ec64a41742039356b7dca65
Parents: f1d4c01
Author: Andrew Grieve <ag...@chromium.org>
Authored: Thu Feb 19 10:06:36 2015 -0500
Committer: Andrew Grieve <ag...@chromium.org>
Committed: Thu Feb 19 10:06:36 2015 -0500

----------------------------------------------------------------------
 framework/src/org/apache/cordova/AndroidWebView.java |  2 +-
 framework/src/org/apache/cordova/CordovaBridge.java  | 14 +++-----------
 2 files changed, 4 insertions(+), 12 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cordova-android/blob/11d6b802/framework/src/org/apache/cordova/AndroidWebView.java
----------------------------------------------------------------------
diff --git a/framework/src/org/apache/cordova/AndroidWebView.java b/framework/src/org/apache/cordova/AndroidWebView.java
index c576af0..50641fe 100755
--- a/framework/src/org/apache/cordova/AndroidWebView.java
+++ b/framework/src/org/apache/cordova/AndroidWebView.java
@@ -780,7 +780,7 @@ public class AndroidWebView extends WebView implements CordovaWebView {
     void onPageReset() {
         boundKeyCodes.clear();
         pluginManager.onReset();
-        bridge.reset(loadedUrl);
+        bridge.reset();
     }
 
     @Override

http://git-wip-us.apache.org/repos/asf/cordova-android/blob/11d6b802/framework/src/org/apache/cordova/CordovaBridge.java
----------------------------------------------------------------------
diff --git a/framework/src/org/apache/cordova/CordovaBridge.java b/framework/src/org/apache/cordova/CordovaBridge.java
index c55f152..bf95588 100644
--- a/framework/src/org/apache/cordova/CordovaBridge.java
+++ b/framework/src/org/apache/cordova/CordovaBridge.java
@@ -20,7 +20,6 @@ package org.apache.cordova;
 
 import java.security.SecureRandom;
 
-import org.apache.cordova.PluginManager;
 import org.json.JSONArray;
 import org.json.JSONException;
 
@@ -36,13 +35,10 @@ public class CordovaBridge {
     private PluginManager pluginManager;
     private NativeToJsMessageQueue jsMessageQueue;
     private volatile int expectedBridgeSecret = -1; // written by UI thread, read by JS thread.
-    private String loadedUrl;
-    private String appContentUrlPrefix;
 
     public CordovaBridge(PluginManager pluginManager, NativeToJsMessageQueue jsMessageQueue, String packageName) {
         this.pluginManager = pluginManager;
         this.jsMessageQueue = jsMessageQueue;
-        this.appContentUrlPrefix = "content://" + packageName + ".";
     }
 
     public String jsExec(int bridgeSecret, String service, String action, String callbackId, String arguments) throws JSONException, IllegalAccessException {
@@ -118,10 +114,9 @@ public class CordovaBridge {
         return expectedBridgeSecret;
     }
 
-    public void reset(String loadedUrl) {
+    public void reset() {
         jsMessageQueue.reset();
         clearBridgeSecret();        
-        this.loadedUrl = loadedUrl;
     }
 
     public String promptOnJsPrompt(String origin, String message, String defaultValue) {
@@ -167,11 +162,8 @@ public class CordovaBridge {
         }
         else if (defaultValue != null && defaultValue.startsWith("gap_init:")) {
             // Protect against random iframes being able to talk through the bridge.
-            // Trust only file URLs and pages which the app would have been allowed
-            // to navigate to anyway.
-            if (origin.startsWith("file:") ||
-                origin.startsWith(this.appContentUrlPrefix) ||
-                pluginManager.shouldAllowNavigation(origin)) {
+            // Trust only pages which the app would have been allowed to navigate to anyway.
+            if (pluginManager.shouldAllowNavigation(origin)) {
                 // Enable the bridge
                 int bridgeMode = Integer.parseInt(defaultValue.substring(9));
                 jsMessageQueue.setBridgeMode(bridgeMode);


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cordova.apache.org
For additional commands, e-mail: commits-help@cordova.apache.org