You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cordova.apache.org by ag...@apache.org on 2015/02/19 16:07:39 UTC
android commit: Remove explicit whitelisting of content: in
CordovaBridge
Repository: cordova-android
Updated Branches:
refs/heads/master f1d4c0119 -> 11d6b8029
Remove explicit whitelisting of content: in CordovaBridge
It was redundant since we now check if the URL should be allowed to
be navigated to.
Project: http://git-wip-us.apache.org/repos/asf/cordova-android/repo
Commit: http://git-wip-us.apache.org/repos/asf/cordova-android/commit/11d6b802
Tree: http://git-wip-us.apache.org/repos/asf/cordova-android/tree/11d6b802
Diff: http://git-wip-us.apache.org/repos/asf/cordova-android/diff/11d6b802
Branch: refs/heads/master
Commit: 11d6b8029f8e67b00ec64a41742039356b7dca65
Parents: f1d4c01
Author: Andrew Grieve <ag...@chromium.org>
Authored: Thu Feb 19 10:06:36 2015 -0500
Committer: Andrew Grieve <ag...@chromium.org>
Committed: Thu Feb 19 10:06:36 2015 -0500
----------------------------------------------------------------------
framework/src/org/apache/cordova/AndroidWebView.java | 2 +-
framework/src/org/apache/cordova/CordovaBridge.java | 14 +++-----------
2 files changed, 4 insertions(+), 12 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cordova-android/blob/11d6b802/framework/src/org/apache/cordova/AndroidWebView.java
----------------------------------------------------------------------
diff --git a/framework/src/org/apache/cordova/AndroidWebView.java b/framework/src/org/apache/cordova/AndroidWebView.java
index c576af0..50641fe 100755
--- a/framework/src/org/apache/cordova/AndroidWebView.java
+++ b/framework/src/org/apache/cordova/AndroidWebView.java
@@ -780,7 +780,7 @@ public class AndroidWebView extends WebView implements CordovaWebView {
void onPageReset() {
boundKeyCodes.clear();
pluginManager.onReset();
- bridge.reset(loadedUrl);
+ bridge.reset();
}
@Override
http://git-wip-us.apache.org/repos/asf/cordova-android/blob/11d6b802/framework/src/org/apache/cordova/CordovaBridge.java
----------------------------------------------------------------------
diff --git a/framework/src/org/apache/cordova/CordovaBridge.java b/framework/src/org/apache/cordova/CordovaBridge.java
index c55f152..bf95588 100644
--- a/framework/src/org/apache/cordova/CordovaBridge.java
+++ b/framework/src/org/apache/cordova/CordovaBridge.java
@@ -20,7 +20,6 @@ package org.apache.cordova;
import java.security.SecureRandom;
-import org.apache.cordova.PluginManager;
import org.json.JSONArray;
import org.json.JSONException;
@@ -36,13 +35,10 @@ public class CordovaBridge {
private PluginManager pluginManager;
private NativeToJsMessageQueue jsMessageQueue;
private volatile int expectedBridgeSecret = -1; // written by UI thread, read by JS thread.
- private String loadedUrl;
- private String appContentUrlPrefix;
public CordovaBridge(PluginManager pluginManager, NativeToJsMessageQueue jsMessageQueue, String packageName) {
this.pluginManager = pluginManager;
this.jsMessageQueue = jsMessageQueue;
- this.appContentUrlPrefix = "content://" + packageName + ".";
}
public String jsExec(int bridgeSecret, String service, String action, String callbackId, String arguments) throws JSONException, IllegalAccessException {
@@ -118,10 +114,9 @@ public class CordovaBridge {
return expectedBridgeSecret;
}
- public void reset(String loadedUrl) {
+ public void reset() {
jsMessageQueue.reset();
clearBridgeSecret();
- this.loadedUrl = loadedUrl;
}
public String promptOnJsPrompt(String origin, String message, String defaultValue) {
@@ -167,11 +162,8 @@ public class CordovaBridge {
}
else if (defaultValue != null && defaultValue.startsWith("gap_init:")) {
// Protect against random iframes being able to talk through the bridge.
- // Trust only file URLs and pages which the app would have been allowed
- // to navigate to anyway.
- if (origin.startsWith("file:") ||
- origin.startsWith(this.appContentUrlPrefix) ||
- pluginManager.shouldAllowNavigation(origin)) {
+ // Trust only pages which the app would have been allowed to navigate to anyway.
+ if (pluginManager.shouldAllowNavigation(origin)) {
// Enable the bridge
int bridgeMode = Integer.parseInt(defaultValue.substring(9));
jsMessageQueue.setBridgeMode(bridgeMode);
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cordova.apache.org
For additional commands, e-mail: commits-help@cordova.apache.org