You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cordova.apache.org by br...@apache.org on 2013/03/26 17:29:23 UTC
android commit: Fixed protocol regex bug. Unknown protocol support
Added whitelist support for unknown protocols
Updated Branches:
refs/heads/master 73c7994cd -> f4859444d
Fixed protocol regex bug. Unknown protocol support Added whitelist support for unknown protocols
Project: http://git-wip-us.apache.org/repos/asf/cordova-android/repo
Commit: http://git-wip-us.apache.org/repos/asf/cordova-android/commit/f4859444
Tree: http://git-wip-us.apache.org/repos/asf/cordova-android/tree/f4859444
Diff: http://git-wip-us.apache.org/repos/asf/cordova-android/diff/f4859444
Branch: refs/heads/master
Commit: f4859444ddca5a94a1bcb8d7fcfef6faedc476d2
Parents: 73c7994
Author: Shravan Narayan <sh...@dhcp-172-23-180-146.wat.corp.google.com>
Authored: Tue Mar 26 00:10:26 2013 -0400
Committer: Shravan Narayan <sh...@dhcp-172-23-180-146.wat.corp.google.com>
Committed: Tue Mar 26 00:20:11 2013 -0400
----------------------------------------------------------------------
framework/src/org/apache/cordova/Config.java | 24 ++++++++++++++++----
1 files changed, 19 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cordova-android/blob/f4859444/framework/src/org/apache/cordova/Config.java
----------------------------------------------------------------------
diff --git a/framework/src/org/apache/cordova/Config.java b/framework/src/org/apache/cordova/Config.java
index f5de38d..594c2b2 100644
--- a/framework/src/org/apache/cordova/Config.java
+++ b/framework/src/org/apache/cordova/Config.java
@@ -171,7 +171,7 @@ public class Config {
LOG.i("CordovaLog", "Found start page location: %s", src);
if (src != null) {
- Pattern schemeRegex = Pattern.compile("^[a-z]+://");
+ Pattern schemeRegex = Pattern.compile("^[a-z-]+://");
Matcher matcher = schemeRegex.matcher(src);
if (matcher.find()) {
startUrl = src;
@@ -220,19 +220,33 @@ public class Config {
} else { // specific access
// check if subdomains should be included
// TODO: we should not add more domains if * has already been added
+ Pattern schemeRegex = Pattern.compile("^[a-z-]+://");
+ Matcher matcher = schemeRegex.matcher(origin);
if (subdomains) {
- // XXX making it stupid friendly for people who forget to include protocol/SSL
+ // Check for http or https protocols
if (origin.startsWith("http")) {
this.whiteList.add(Pattern.compile(origin.replaceFirst("https?://", "^https?://(.*\\.)?")));
- } else {
+ }
+ // Check for other protocols
+ else if(matcher.find()){
+ this.whiteList.add(Pattern.compile("^" + origin.replaceFirst("//", "//(.*\\.)?")));
+ }
+ // XXX making it stupid friendly for people who forget to include protocol/SSL
+ else {
this.whiteList.add(Pattern.compile("^https?://(.*\\.)?" + origin));
}
LOG.d(TAG, "Origin to allow with subdomains: %s", origin);
} else {
- // XXX making it stupid friendly for people who forget to include protocol/SSL
+ // Check for http or https protocols
if (origin.startsWith("http")) {
this.whiteList.add(Pattern.compile(origin.replaceFirst("https?://", "^https?://")));
- } else {
+ }
+ // Check for other protocols
+ else if(matcher.find()){
+ this.whiteList.add(Pattern.compile("^" + origin));
+ }
+ // XXX making it stupid friendly for people who forget to include protocol/SSL
+ else {
this.whiteList.add(Pattern.compile("^https?://" + origin));
}
LOG.d(TAG, "Origin to allow: %s", origin);