You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cordova.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2018/04/26 23:10:00 UTC
[jira] [Commented] (CB-14048) Inappbrowser allowedSchemes doesn't
check empty string
[ https://issues.apache.org/jira/browse/CB-14048?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16455532#comment-16455532 ]
ASF GitHub Bot commented on CB-14048:
-------------------------------------
wtrocki opened a new pull request #268: CB-14048: (android) allowedSchemes check empty string fix
URL: https://github.com/apache/cordova-plugin-inappbrowser/pull/268
## Motivation
The new AllowSchemes introduced with inappbrowser@3.0.0 doesn't check if AllowSchemes contains empty string after having being loaded, respectively only if null, which could lead to error in case a custom scheme is use but not set as white listed schema
What I mean is that, if no preference would be set in config.xml but a custom scheme would be used (my case) then the variable allowSchemes won't be null but will contains an empty string
Fix for https://issues.apache.org/jira/browse/CB-14048
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
> Inappbrowser allowedSchemes doesn't check empty string
> ------------------------------------------------------
>
> Key: CB-14048
> URL: https://issues.apache.org/jira/browse/CB-14048
> Project: Apache Cordova
> Issue Type: Bug
> Components: cordova-plugin-inappbrowser
> Reporter: Reed Richards
> Priority: Minor
>
> The new AllowSchemes introduced with inappbrowser@3.0.0 doesn't check if _AllowSchemes_ contains empty string after having being loaded, respectively only if _null_, which could lead to error in case a custom scheme is use but not set as white listed schema
> What I mean is that, if no _preference_ would be set in _config.xml_ but a custom scheme would be used (my case) then the variable _allowSchemes_ won't be _null_ but will contains an _empty string_
>
> In InAppBrowser.java
>
> {code:java}
> else if (!url.startsWith("http:") && !url.startsWith("https:") && url.matches("^[a-z]*://.*?$")) {
> if (allowedSchemes == null) {
> String allowed = preferences.getString("AllowedSchemes", "");
> allowedSchemes = allowed.split(",");
> }
> if (allowedSchemes != null) { // <------- If preference AllowedSchemes is not specified, variable allowedSchemes not gonna be null but an array containing an empty string
> for (String scheme : allowedSchemes) {
> if (url.startsWith(scheme)) {
> if (url.startsWith(scheme)) { // <------ which leads to the problem "urlidontwanttowhilelist://".startsWith("") == true{code}
>
> I would like to improve this check for example like following
>
> {code:java}
> if (url.startsWith(scheme) && !"".equals(scheme)) {
> {code}
>
> Thx in advance for the improvement
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org