You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@cordova.apache.org by "Dave Charles Johnson (Created) (JIRA)" <ji...@apache.org> on 2011/11/25 21:53:40 UTC

[jira] [Created] (CB-23) Remove App.addWhiteListEntry() since it allows runtime code to override build time settings

Remove App.addWhiteListEntry() since it allows runtime code to override build time settings
-------------------------------------------------------------------------------------------

                 Key: CB-23
                 URL: https://issues.apache.org/jira/browse/CB-23
             Project: Apache Callback
          Issue Type: Bug
            Reporter: Dave Charles Johnson


This is probably a security problem since the whole idea of the whitelist is to prevent runtime code from accessing a domain unless it's in the whitelist.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Resolved] (CB-23) Remove App.addWhiteListEntry() since it allows runtime code to override build time settings

Posted by "Simon MacDonald (Resolved) (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/CB-23?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Simon MacDonald resolved CB-23.
-------------------------------

    Resolution: Fixed

The code has been removed:

https://github.com/callback/callback-android/commit/e02322b66b7588e93433697493b1a4795e78227a
                
> Remove App.addWhiteListEntry() since it allows runtime code to override build time settings
> -------------------------------------------------------------------------------------------
>
>                 Key: CB-23
>                 URL: https://issues.apache.org/jira/browse/CB-23
>             Project: Apache Callback
>          Issue Type: Bug
>          Components: Android
>    Affects Versions: 1.1.0, 1.2.0
>            Reporter: Dave Charles Johnson
>            Assignee: Simon MacDonald
>             Fix For: 1.3.0
>
>
> This is probably a security problem since the whole idea of the whitelist is to prevent runtime code from accessing a domain unless it's in the whitelist.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Updated] (CB-23) Remove App.addWhiteListEntry() since it allows runtime code to override build time settings

Posted by "Shazron Abdullah (Updated) (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/CB-23?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Shazron Abdullah updated CB-23:
-------------------------------

    Component/s: Android
    
> Remove App.addWhiteListEntry() since it allows runtime code to override build time settings
> -------------------------------------------------------------------------------------------
>
>                 Key: CB-23
>                 URL: https://issues.apache.org/jira/browse/CB-23
>             Project: Apache Callback
>          Issue Type: Bug
>          Components: Android
>            Reporter: Dave Charles Johnson
>
> This is probably a security problem since the whole idea of the whitelist is to prevent runtime code from accessing a domain unless it's in the whitelist.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Updated] (CB-23) Remove App.addWhiteListEntry() since it allows runtime code to override build time settings

Posted by "Simon MacDonald (Updated) (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/CB-23?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Simon MacDonald updated CB-23:
------------------------------

    Affects Version/s: 1.1.0
                       1.2.0
        Fix Version/s: 1.3.0
             Assignee: Simon MacDonald
    
> Remove App.addWhiteListEntry() since it allows runtime code to override build time settings
> -------------------------------------------------------------------------------------------
>
>                 Key: CB-23
>                 URL: https://issues.apache.org/jira/browse/CB-23
>             Project: Apache Callback
>          Issue Type: Bug
>          Components: Android
>    Affects Versions: 1.1.0, 1.2.0
>            Reporter: Dave Charles Johnson
>            Assignee: Simon MacDonald
>             Fix For: 1.3.0
>
>
> This is probably a security problem since the whole idea of the whitelist is to prevent runtime code from accessing a domain unless it's in the whitelist.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira