Posted to commits@cordova.apache.org by ia...@apache.org on 2014/08/26 21:25:01 UTC

[1/3] android commit: CB-7291: Only add file, content and data URLs to internal whitelist

Repository: cordova-android
Updated Branches:
  refs/heads/CB-7291 8b55a1698 -> 6e222c393


CB-7291: Only add file, content and data URLs to internal whitelist


Project: http://git-wip-us.apache.org/repos/asf/cordova-android/repo
Commit: http://git-wip-us.apache.org/repos/asf/cordova-android/commit/3b3bd9b6
Tree: http://git-wip-us.apache.org/repos/asf/cordova-android/tree/3b3bd9b6
Diff: http://git-wip-us.apache.org/repos/asf/cordova-android/diff/3b3bd9b6

Branch: refs/heads/CB-7291
Commit: 3b3bd9b6c917fe3ca9fdc967e9812b56ce7ca47a
Parents: 4e3331b
Author: Ian Clelland <ic...@chromium.org>
Authored: Thu Aug 21 16:10:32 2014 -0400
Committer: Ian Clelland <ic...@chromium.org>
Committed: Thu Aug 21 16:27:48 2014 -0400

----------------------------------------------------------------------
 framework/src/org/apache/cordova/ConfigXmlParser.java | 5 +++++
 framework/src/org/apache/cordova/Whitelist.java       | 4 ----
 2 files changed, 5 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cordova-android/blob/3b3bd9b6/framework/src/org/apache/cordova/ConfigXmlParser.java
----------------------------------------------------------------------
diff --git a/framework/src/org/apache/cordova/ConfigXmlParser.java b/framework/src/org/apache/cordova/ConfigXmlParser.java
index 9179f98..2a667a9 100644
--- a/framework/src/org/apache/cordova/ConfigXmlParser.java
+++ b/framework/src/org/apache/cordova/ConfigXmlParser.java
@@ -82,6 +82,11 @@ public class ConfigXmlParser {
         boolean insideFeature = false;
         ArrayList<String> urlMap = null;
 
+        // Add implicitly allowed URLs
+        internalWhitelist.addWhiteListEntry("file:///*", false);
+        internalWhitelist.addWhiteListEntry("content:///*", false);
+        internalWhitelist.addWhiteListEntry("data:*", false);
+
         while (eventType != XmlResourceParser.END_DOCUMENT) {
             if (eventType == XmlResourceParser.START_TAG) {
                 String strNode = xml.getName();
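Review bot: The comment on the added block says what is added but not why it moved out of the `Whitelist` constructor, and that reason is the security-relevant part of the change. Recording it would stop a later refactor from putting the defaults back where every whitelist inherits them, e.g. `// Only the internal whitelist gets these defaults; the external whitelist must list such URLs explicitly.` The three entries are also appended each time the enclosing method runs, and that method starts and ends outside this hunk, so if it can be called more than once on the same parser the list would presumably accumulate duplicates. `data:*` is the broadest of the three patterns; how much a data: page is then trusted depends on where the internal whitelist is consulted, which is not visible here.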

http://git-wip-us.apache.org/repos/asf/cordova-android/blob/3b3bd9b6/framework/src/org/apache/cordova/Whitelist.java
----------------------------------------------------------------------
diff --git a/framework/src/org/apache/cordova/Whitelist.java b/framework/src/org/apache/cordova/Whitelist.java
index 5101ec3..d0f823c 100644
--- a/framework/src/org/apache/cordova/Whitelist.java
+++ b/framework/src/org/apache/cordova/Whitelist.java
@@ -98,10 +98,6 @@ public class Whitelist {
 
     public Whitelist() {
         this.whiteList = new ArrayList<URLPattern>();
-        // Add implicitly allowed URLs
-        addWhiteListEntry("file:///*", false);
-        addWhiteListEntry("content:///*", false);
-        addWhiteListEntry("data:*", false);
     }
 
     /* Match patterns (from http://developer.chrome.com/extensions/match_patterns.html)


[3/3] android commit: CB-7291: Restrict meaning of "*" in internal whitelist to just http and https

Posted by ia...@apache.org.
CB-7291: Restrict meaning of "*" in internal whitelist to just http and https


Project: http://git-wip-us.apache.org/repos/asf/cordova-android/repo
Commit: http://git-wip-us.apache.org/repos/asf/cordova-android/commit/6e222c39
Tree: http://git-wip-us.apache.org/repos/asf/cordova-android/tree/6e222c39
Diff: http://git-wip-us.apache.org/repos/asf/cordova-android/diff/6e222c39

Branch: refs/heads/CB-7291
Commit: 6e222c3938db43fc00f3d6f8fbb138af075c689b
Parents: 3b3bd9b
Author: Ian Clelland <ic...@chromium.org>
Authored: Tue Aug 26 14:58:00 2014 -0400
Committer: Ian Clelland <ic...@chromium.org>
Committed: Tue Aug 26 15:23:24 2014 -0400

----------------------------------------------------------------------
 framework/src/org/apache/cordova/ConfigXmlParser.java | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cordova-android/blob/6e222c39/framework/src/org/apache/cordova/ConfigXmlParser.java
----------------------------------------------------------------------
diff --git a/framework/src/org/apache/cordova/ConfigXmlParser.java b/framework/src/org/apache/cordova/ConfigXmlParser.java
index 2a667a9..1ada1af 100644
--- a/framework/src/org/apache/cordova/ConfigXmlParser.java
+++ b/framework/src/org/apache/cordova/ConfigXmlParser.java
@@ -119,7 +119,15 @@ public class ConfigXmlParser {
                         if (external) {
                             externalWhitelist.addWhiteListEntry(origin, (subdomains != null) && (subdomains.compareToIgnoreCase("true") == 0));
                         } else {
-                            internalWhitelist.addWhiteListEntry(origin, (subdomains != null) && (subdomains.compareToIgnoreCase("true") == 0));
+                            if ("*".equals(origin)) {
+                                // Special-case * origin to mean http and https when used for internal
+                                // whitelist. This prevents external urls like sms: and geo: from being
+                                // handled internally.
+                                internalWhitelist.addWhiteListEntry("http://*/*", false);
+                                internalWhitelist.addWhiteListEntry("https://*/*", false);
+                            } else {
+                                internalWhitelist.addWhiteListEntry(origin, (subdomains != null) && (subdomains.compareToIgnoreCase("true") == 0));
+                            }
                         }
                     }
                 }
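Review bot: The special case at `if ("*".equals(origin))` fires only for the exact one-character string, so an origin written with surrounding whitespace or as another wildcard form still reaches `addWhiteListEntry` unchanged in the else branch. Whether such a value would again match sms: or geo: depends on the pattern handling in `Whitelist`, which is not in this hunk, so the comment should state the limit, e.g. `// Only the literal "*" is rewritten; other wildcard origins are passed through as written.` The `subdomains` attribute is dropped in the special case (both entries pass `false`), which looks intentional for a `*` host but is not stated. The `(subdomains != null) && (subdomains.compareToIgnoreCase("true") == 0)` expression now appears twice, and a local boolean computed once would keep the external and internal branches in step. The enclosing method starts and ends outside the hunk.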


[2/3] android commit: CB-7291: Add defaults to external whitelist

Posted by ia...@apache.org.
CB-7291: Add defaults to external whitelist


Project: http://git-wip-us.apache.org/repos/asf/cordova-android/repo
Commit: http://git-wip-us.apache.org/repos/asf/cordova-android/commit/4e3331ba
Tree: http://git-wip-us.apache.org/repos/asf/cordova-android/tree/4e3331ba
Diff: http://git-wip-us.apache.org/repos/asf/cordova-android/diff/4e3331ba

Branch: refs/heads/CB-7291
Commit: 4e3331ba6699d323420c7762efef633c7ca20324
Parents: 8b55a16
Author: Ian Clelland <ic...@chromium.org>
Authored: Thu Aug 21 15:59:05 2014 -0400
Committer: Ian Clelland <ic...@chromium.org>
Committed: Thu Aug 21 16:27:48 2014 -0400

----------------------------------------------------------------------
 framework/res/xml/config.xml | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cordova-android/blob/4e3331ba/framework/res/xml/config.xml
----------------------------------------------------------------------
diff --git a/framework/res/xml/config.xml b/framework/res/xml/config.xml
index 50459b9..6f4a264 100644
--- a/framework/res/xml/config.xml
+++ b/framework/res/xml/config.xml
@@ -30,7 +30,20 @@
         Apache Cordova Team
     </author>
 
-    <access origin="*"/>
+    <!-- Allow access to arbitrary URLs in the Cordova WebView. This is a
+         development mode setting, and should be changed for production. -->
+    <access origin="http://*/*"/>
+    <access origin="https://*/*"/>
+
+    <!-- Grant certain URLs the ability to launch external applications. This
+         behaviour is set to match that of Cordova versions before 3.6.0, and
+         should be reviewed before launching an application in production. It
+         may be changed in the future. -->
+    <access origin="tel:*" launch-external="yes"/>
+    <access origin="geo:*" launch-external="yes"/>
+    <access origin="mailto:*" launch-external="yes"/>
+    <access origin="sms:*" launch-external="yes"/>
+    <access origin="market:*" launch-external="yes"/>
 
     <!-- <content src="http://mysite.com/myapp.html" /> for external pages -->
     <content src="index.html" />
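Review bot: The new default `<access origin="http://*/*"/>` still lets the WebView load cleartext content from any host, and the comment above it says to change this for production without saying what to change it to. Cleartext pages can be modified by anyone on the network path, so the template comment should point at the safe end state, e.g. `For production, remove the http entry and list only the https origins the app actually loads.` The five `launch-external="yes"` entries keep the pre-3.6.0 behaviour, as the second comment says. It would help to add that each scheme hands the URL to another installed application, so an app that never dials, texts or opens the store should delete the corresponding line.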