You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cordova.apache.org by bo...@apache.org on 2014/02/03 19:12:23 UTC

android commit: Removing addJavascriptInterface support from all Android versions lower than 4.2 due to security vulnerability

Updated Branches:
  refs/heads/master 438a8d8b7 -> dfae37421


Removing addJavascriptInterface support from all Android versions lower than 4.2 due to security vulnerability


Project: http://git-wip-us.apache.org/repos/asf/cordova-android/repo
Commit: http://git-wip-us.apache.org/repos/asf/cordova-android/commit/dfae3742
Tree: http://git-wip-us.apache.org/repos/asf/cordova-android/tree/dfae3742
Diff: http://git-wip-us.apache.org/repos/asf/cordova-android/diff/dfae3742

Branch: refs/heads/master
Commit: dfae37421d345031b41be1a4cbc9a3374d94ca16
Parents: 438a8d8
Author: Joe Bowser <bo...@apache.org>
Authored: Mon Feb 3 10:11:53 2014 -0800
Committer: Joe Bowser <bo...@apache.org>
Committed: Mon Feb 3 10:11:53 2014 -0800

----------------------------------------------------------------------
 framework/src/org/apache/cordova/CordovaWebView.java | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cordova-android/blob/dfae3742/framework/src/org/apache/cordova/CordovaWebView.java
----------------------------------------------------------------------
diff --git a/framework/src/org/apache/cordova/CordovaWebView.java b/framework/src/org/apache/cordova/CordovaWebView.java
index 36d628d..b30ea78 100755
--- a/framework/src/org/apache/cordova/CordovaWebView.java
+++ b/framework/src/org/apache/cordova/CordovaWebView.java
@@ -361,18 +361,13 @@ public class CordovaWebView extends WebView {
 
     private void exposeJsInterface() {
         int SDK_INT = Build.VERSION.SDK_INT;
-        boolean isHoneycomb = (SDK_INT >= Build.VERSION_CODES.HONEYCOMB && SDK_INT <= Build.VERSION_CODES.HONEYCOMB_MR2);
-        if (isHoneycomb || (SDK_INT < Build.VERSION_CODES.GINGERBREAD)) {
+        if ((SDK_INT < Build.VERSION_CODES.JELLY_BEAN_MR1)) {
             Log.i(TAG, "Disabled addJavascriptInterface() bridge since Android version is old.");
             // Bug being that Java Strings do not get converted to JS strings automatically.
             // This isn't hard to work-around on the JS side, but it's easier to just
             // use the prompt bridge instead.
             return;            
-        } else if (SDK_INT < Build.VERSION_CODES.HONEYCOMB && Build.MANUFACTURER.equals("unknown")) {
-            // addJavascriptInterface crashes on the 2.3 emulator.
-            Log.i(TAG, "Disabled addJavascriptInterface() bridge callback due to a bug on the 2.3 emulator");
-            return;
-        }
+        } 
         this.addJavascriptInterface(exposedJsApi, "_cordovaNative");
     }