You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cordova.apache.org by na...@apache.org on 2014/08/28 21:03:57 UTC

[43/50] git commit: CB-7291: Restrict meaning of "*" in internal whitelist to just http and https

CB-7291: Restrict meaning of "*" in internal whitelist to just http and https


Project: http://git-wip-us.apache.org/repos/asf/cordova-amazon-fireos/repo
Commit: http://git-wip-us.apache.org/repos/asf/cordova-amazon-fireos/commit/5f2ced5b
Tree: http://git-wip-us.apache.org/repos/asf/cordova-amazon-fireos/tree/5f2ced5b
Diff: http://git-wip-us.apache.org/repos/asf/cordova-amazon-fireos/diff/5f2ced5b

Branch: refs/heads/master
Commit: 5f2ced5ba09c1b0f7080537d082e474b98b4e7cc
Parents: 8afa753
Author: Ian Clelland <ic...@chromium.org>
Authored: Tue Aug 26 14:58:00 2014 -0400
Committer: Archana Naik <na...@lab126.com>
Committed: Thu Aug 28 11:12:58 2014 -0700

----------------------------------------------------------------------
 framework/src/org/apache/cordova/ConfigXmlParser.java | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cordova-amazon-fireos/blob/5f2ced5b/framework/src/org/apache/cordova/ConfigXmlParser.java
----------------------------------------------------------------------
diff --git a/framework/src/org/apache/cordova/ConfigXmlParser.java b/framework/src/org/apache/cordova/ConfigXmlParser.java
index 57cf222..cc5b2fa 100644
--- a/framework/src/org/apache/cordova/ConfigXmlParser.java
+++ b/framework/src/org/apache/cordova/ConfigXmlParser.java
@@ -110,7 +110,19 @@ public class ConfigXmlParser {
                     String origin = xml.getAttributeValue(null, "origin");
                     String subdomains = xml.getAttributeValue(null, "subdomains");
                     if (origin != null) {
-                        whitelist.addWhiteListEntry(origin, (subdomains != null) && (subdomains.compareToIgnoreCase("true") == 0));
+                        if (external) {
+                            externalWhitelist.addWhiteListEntry(origin, (subdomains != null) && (subdomains.compareToIgnoreCase("true") == 0));
+                        } else {
+                            if ("*".equals(origin)) {
+                                // Special-case * origin to mean http and https when used for internal
+                                // whitelist. This prevents external urls like sms: and geo: from being
+                                // handled internally.
+                                internalWhitelist.addWhiteListEntry("http://*/*", false);
+                                internalWhitelist.addWhiteListEntry("https://*/*", false);
+                            } else {
+                                internalWhitelist.addWhiteListEntry(origin, (subdomains != null) && (subdomains.compareToIgnoreCase("true") == 0));
+                            }
+                        }
                     }
                 }
                 else if (strNode.equals("preference")) {