You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cordova.apache.org by GitBox <gi...@apache.org> on 2021/01/05 14:04:49 UTC

[GitHub] [cordova-plugin-file] breautek commented on pull request #358: fix(ios) issue #349 - navigate to cdvfile with wkwebview

breautek commented on pull request #358:
URL: https://github.com/apache/cordova-plugin-file/pull/358#issuecomment-754655585


   > i'm beginning to think i am the only person in the world trying to load local cordova.js from remote, inside a wkwebview...
   
   Exposing `cordova.js` to a remote source is a security vulnerability. It opens the door for someone to load that remote source and allows malicious actors to exploit your app by giving them the ability to remotely call native APIs on behalf of your app. Do not do this. This would also be indirectly against iOS app store terms of service because you're exposing native APIs to developers who may not have signed the Apple developer agreement.
   
   I'm not sure what you're trying to accomplish but it sounds like you may be tackling your problem in the wrong way.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org