You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cordova.apache.org by na...@apache.org on 2014/08/28 21:03:57 UTC
[43/50] git commit: CB-7291: Restrict meaning of "*" in internal
whitelist to just http and https
CB-7291: Restrict meaning of "*" in internal whitelist to just http and https
Project: http://git-wip-us.apache.org/repos/asf/cordova-amazon-fireos/repo
Commit: http://git-wip-us.apache.org/repos/asf/cordova-amazon-fireos/commit/5f2ced5b
Tree: http://git-wip-us.apache.org/repos/asf/cordova-amazon-fireos/tree/5f2ced5b
Diff: http://git-wip-us.apache.org/repos/asf/cordova-amazon-fireos/diff/5f2ced5b
Branch: refs/heads/master
Commit: 5f2ced5ba09c1b0f7080537d082e474b98b4e7cc
Parents: 8afa753
Author: Ian Clelland <ic...@chromium.org>
Authored: Tue Aug 26 14:58:00 2014 -0400
Committer: Archana Naik <na...@lab126.com>
Committed: Thu Aug 28 11:12:58 2014 -0700
----------------------------------------------------------------------
framework/src/org/apache/cordova/ConfigXmlParser.java | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cordova-amazon-fireos/blob/5f2ced5b/framework/src/org/apache/cordova/ConfigXmlParser.java
----------------------------------------------------------------------
diff --git a/framework/src/org/apache/cordova/ConfigXmlParser.java b/framework/src/org/apache/cordova/ConfigXmlParser.java
index 57cf222..cc5b2fa 100644
--- a/framework/src/org/apache/cordova/ConfigXmlParser.java
+++ b/framework/src/org/apache/cordova/ConfigXmlParser.java
@@ -110,7 +110,19 @@ public class ConfigXmlParser {
String origin = xml.getAttributeValue(null, "origin");
String subdomains = xml.getAttributeValue(null, "subdomains");
if (origin != null) {
- whitelist.addWhiteListEntry(origin, (subdomains != null) && (subdomains.compareToIgnoreCase("true") == 0));
+ if (external) {
+ externalWhitelist.addWhiteListEntry(origin, (subdomains != null) && (subdomains.compareToIgnoreCase("true") == 0));
+ } else {
+ if ("*".equals(origin)) {
+ // Special-case * origin to mean http and https when used for internal
+ // whitelist. This prevents external urls like sms: and geo: from being
+ // handled internally.
+ internalWhitelist.addWhiteListEntry("http://*/*", false);
+ internalWhitelist.addWhiteListEntry("https://*/*", false);
+ } else {
+ internalWhitelist.addWhiteListEntry(origin, (subdomains != null) && (subdomains.compareToIgnoreCase("true") == 0));
+ }
+ }
}
}
else if (strNode.equals("preference")) {