You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cordova.apache.org by GitBox <gi...@apache.org> on 2019/02/28 22:56:33 UTC
[GitHub] purplecabbage opened a new pull request #436: [android] Prevent
malformed callbackId from reaching app cordova view
purplecabbage opened a new pull request #436: [android] Prevent malformed callbackId from reaching app cordova view
URL: https://github.com/apache/cordova-plugin-inappbrowser/pull/436
### Platforms affected
Android
### Motivation and Context
Certain poorly formed callbackId(s) could be used to execute js code in the context of the cordova app.
### Description
Uses a regex check to make sure the callbackId requested matches the pattern. This is the same pattern matching code that is already used in iOS.
### Testing
Manually tested.
### Checklist
- [x] I've run the tests to see all new and existing tests pass
- [ ] I added automated test coverage as appropriate for this change
- [ ] Commit is prefixed with `(platform)` if this change only applies to one platform (e.g. `(android)`)
- [ ] If this Pull Request resolves an issue, I linked to the issue in the text above (and used the correct [keyword to close issues using keywords](https://help.github.com/articles/closing-issues-using-keywords/))
- [ ] I've updated the documentation if necessary
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cordova.apache.org
For additional commands, e-mail: commits-help@cordova.apache.org