You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cordova.apache.org by ia...@apache.org on 2015/02/11 22:20:52 UTC
android commit: Remove redundant whitelist checks
Repository: cordova-android
Updated Branches:
refs/heads/unplug-whitelist-4.0.0 167e28345 -> a8bec4ec9
Remove redundant whitelist checks
Project: http://git-wip-us.apache.org/repos/asf/cordova-android/repo
Commit: http://git-wip-us.apache.org/repos/asf/cordova-android/commit/a8bec4ec
Tree: http://git-wip-us.apache.org/repos/asf/cordova-android/tree/a8bec4ec
Diff: http://git-wip-us.apache.org/repos/asf/cordova-android/diff/a8bec4ec
Branch: refs/heads/unplug-whitelist-4.0.0
Commit: a8bec4ec9c5702fd2fd00843dd3e4f5aafec0f76
Parents: 167e283
Author: Ian Clelland <ic...@chromium.org>
Authored: Wed Feb 11 16:19:54 2015 -0500
Committer: Ian Clelland <ic...@chromium.org>
Committed: Wed Feb 11 16:19:54 2015 -0500
----------------------------------------------------------------------
framework/src/org/apache/cordova/CordovaActivity.java | 5 +----
framework/src/org/apache/cordova/CordovaBridge.java | 3 ---
2 files changed, 1 insertion(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cordova-android/blob/a8bec4ec/framework/src/org/apache/cordova/CordovaActivity.java
----------------------------------------------------------------------
diff --git a/framework/src/org/apache/cordova/CordovaActivity.java b/framework/src/org/apache/cordova/CordovaActivity.java
index 368671d..bc262a6 100755
--- a/framework/src/org/apache/cordova/CordovaActivity.java
+++ b/framework/src/org/apache/cordova/CordovaActivity.java
@@ -351,10 +351,7 @@ public class CordovaActivity extends Activity {
// If errorUrl specified, then load it
final String errorUrl = preferences.getString("errorUrl", null);
CordovaUriHelper helper = new CordovaUriHelper(this.cordovaInterface, appView);
- if ((errorUrl != null) &&
- (!failingUrl.equals(errorUrl)) &&
- (appView != null && helper.shouldAllowNavigation(errorUrl))
- ) {
+ if ((errorUrl != null) && (!failingUrl.equals(errorUrl)) && (appView != null)) {
// Load URL on UI thread
me.runOnUiThread(new Runnable() {
public void run() {
http://git-wip-us.apache.org/repos/asf/cordova-android/blob/a8bec4ec/framework/src/org/apache/cordova/CordovaBridge.java
----------------------------------------------------------------------
diff --git a/framework/src/org/apache/cordova/CordovaBridge.java b/framework/src/org/apache/cordova/CordovaBridge.java
index f581cf0..a6a97df 100644
--- a/framework/src/org/apache/cordova/CordovaBridge.java
+++ b/framework/src/org/apache/cordova/CordovaBridge.java
@@ -171,11 +171,8 @@ public class CordovaBridge {
// Protect against random iframes being able to talk through the bridge.
// Trust only file URLs and pages which the app would have been allowed
// to navigate to anyway.
- // Trust only file URLs and the start URL's domain.
- // The extra origin.startsWith("http") is to protect against iframes with data: having "" as origin.
if (origin.startsWith("file:") ||
origin.startsWith(this.appContentUrlPrefix) ||
- (origin.startsWith("http") && loadedUrl.startsWith(origin)) ||
helper.shouldAllowNavigation(origin)) {
// Enable the bridge
int bridgeMode = Integer.parseInt(defaultValue.substring(9));
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cordova.apache.org
For additional commands, e-mail: commits-help@cordova.apache.org