Posted to commits@cordova.apache.org by pu...@apache.org on 2019/03/02 04:54:53 UTC
[cordova-plugin-inappbrowser] branch master updated: Prevent
malformed callbackId from reaching app cordova view
This is an automated email from the ASF dual-hosted git repository.
purplecabbage pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cordova-plugin-inappbrowser.git
The following commit(s) were added to refs/heads/master by this push:
new 6861084 Prevent malformed callbackId from reaching app cordova view
new c95dbcb Merge pull request #436 from purplecabbage/ValidateCallbackId
6861084 is described below
commit 686108484e6a7c1a316d7c6bc869c209c46d27e3
Author: Jesse MacFadyen <pu...@gmail.com>
AuthorDate: Thu Feb 28 14:52:01 2019 -0800
Prevent malformed callbackId from reaching app cordova view
---
src/android/InAppChromeClient.java | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/android/InAppChromeClient.java b/src/android/InAppChromeClient.java
index a2145e6..fe5dd34 100644
--- a/src/android/InAppChromeClient.java
+++ b/src/android/InAppChromeClient.java
@@ -104,7 +104,7 @@ public class InAppChromeClient extends WebChromeClient {
if(defaultValue.startsWith("gap-iab://")) {
PluginResult scriptResult;
String scriptCallbackId = defaultValue.substring(10);
- if (scriptCallbackId.startsWith("InAppBrowser")) {
+ if (scriptCallbackId.matches("^InAppBrowser[0-9]{1,10}$")) {
if(message == null || message.length() == 0) {
scriptResult = new PluginResult(PluginResult.Status.OK, new JSONArray());
} else {
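Review bot: The allow-list on the `scriptCallbackId.matches(...)` line is the only check between the prompt's `defaultValue` and the app's Cordova view, but it is written as an inline `String.matches` call with no comment saying so. `String.matches` recompiles the pattern on every prompt and already matches the whole input, so the `^` and `$` add nothing. I would hoist it to `private static final Pattern CALLBACK_ID = Pattern.compile("InAppBrowser[0-9]{1,10}");` (with the `java.util.regex.Pattern` import) and test `CALLBACK_ID.matcher(scriptCallbackId).matches()`. The constant should carry a comment such as `// Strict allow-list: only ids of the form InAppBrowser<digits> may be forwarded to the app webview`. The enclosing method starts above this hunk, so how `scriptCallbackId` is consumed after the check is not visible here.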
@@ -118,9 +118,14 @@ public class InAppChromeClient extends WebChromeClient {
result.confirm("");
return true;
}
+ else {
+ // Anything else that doesn't look like InAppBrowser0123456789 should end up here
+ LOG.w(LOG_TAG, "InAppBrowser callback called with invalid callbackId : "+ scriptCallbackId);
+ result.cancel();
+ return true;
+ }
}
- else
- {
+ else {
// Anything else with a gap: prefix should get this message
LOG.w(LOG_TAG, "InAppBrowser does not support Cordova API calls: " + url + " " + defaultValue);
result.cancel();
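Review bot: The new `LOG.w` in the added `else` branch concatenates `scriptCallbackId` into the log line right after it has failed validation, with no length cap and no stripping of newlines or control characters. That value comes from the prompt's `defaultValue`, which is presumably supplied by the page loaded in the InAppBrowser, so a page could flood the log or forge entries in it. Logging only a bounded description would avoid this, for example `LOG.w(LOG_TAG, "InAppBrowser callback called with invalid callbackId (" + scriptCallbackId.length() + " chars)");`. The pre-existing warning in the outer `else` logs `url` and `defaultValue` in the same unbounded way and deserves the same treatment. The method body continues past the end of this hunk.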