You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cordova.apache.org by bo...@apache.org on 2014/02/03 19:12:23 UTC
android commit: Removing addJavascriptInterface support from all
Android versions lower than 4.2 due to security vulnerability
Updated Branches:
refs/heads/master 438a8d8b7 -> dfae37421
Removing addJavascriptInterface support from all Android versions lower than 4.2 due to security vulnerability
Project: http://git-wip-us.apache.org/repos/asf/cordova-android/repo
Commit: http://git-wip-us.apache.org/repos/asf/cordova-android/commit/dfae3742
Tree: http://git-wip-us.apache.org/repos/asf/cordova-android/tree/dfae3742
Diff: http://git-wip-us.apache.org/repos/asf/cordova-android/diff/dfae3742
Branch: refs/heads/master
Commit: dfae37421d345031b41be1a4cbc9a3374d94ca16
Parents: 438a8d8
Author: Joe Bowser <bo...@apache.org>
Authored: Mon Feb 3 10:11:53 2014 -0800
Committer: Joe Bowser <bo...@apache.org>
Committed: Mon Feb 3 10:11:53 2014 -0800
----------------------------------------------------------------------
framework/src/org/apache/cordova/CordovaWebView.java | 9 ++-------
1 file changed, 2 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cordova-android/blob/dfae3742/framework/src/org/apache/cordova/CordovaWebView.java
----------------------------------------------------------------------
diff --git a/framework/src/org/apache/cordova/CordovaWebView.java b/framework/src/org/apache/cordova/CordovaWebView.java
index 36d628d..b30ea78 100755
--- a/framework/src/org/apache/cordova/CordovaWebView.java
+++ b/framework/src/org/apache/cordova/CordovaWebView.java
@@ -361,18 +361,13 @@ public class CordovaWebView extends WebView {
private void exposeJsInterface() {
int SDK_INT = Build.VERSION.SDK_INT;
- boolean isHoneycomb = (SDK_INT >= Build.VERSION_CODES.HONEYCOMB && SDK_INT <= Build.VERSION_CODES.HONEYCOMB_MR2);
- if (isHoneycomb || (SDK_INT < Build.VERSION_CODES.GINGERBREAD)) {
+ if ((SDK_INT < Build.VERSION_CODES.JELLY_BEAN_MR1)) {
Log.i(TAG, "Disabled addJavascriptInterface() bridge since Android version is old.");
// Bug being that Java Strings do not get converted to JS strings automatically.
// This isn't hard to work-around on the JS side, but it's easier to just
// use the prompt bridge instead.
return;
- } else if (SDK_INT < Build.VERSION_CODES.HONEYCOMB && Build.MANUFACTURER.equals("unknown")) {
- // addJavascriptInterface crashes on the 2.3 emulator.
- Log.i(TAG, "Disabled addJavascriptInterface() bridge callback due to a bug on the 2.3 emulator");
- return;
- }
+ }
this.addJavascriptInterface(exposedJsApi, "_cordovaNative");
}