You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cordova.apache.org by GitBox <gi...@apache.org> on 2019/10/24 19:00:35 UTC

[GitHub] [cordova-docs] Lindsay-Needs-Sleep edited a comment on issue #1022: Document warnings on using remote source for 

Lindsay-Needs-Sleep edited a comment on issue #1022: Document warnings on using remote source for <content>
URL: https://github.com/apache/cordova-docs/issues/1022#issuecomment-546055951
 
 
   1-ish)
   
   > your app must use WebKit and JavaScript Core to run third-party software and should not attempt to extend or expose native platform APIs to third-party software;
   
   As long as third-party software doesn't touch it, it should be fine.  If you only go to your website, (and we are 1st or 2nd party in our app right?  no definition of third party to be found), it should be fine?  And they can't just mean all third party software.... That would mean no jQuery (remote or local).
   
   Most reasonably, the intent, (baring monetary reasons), is probably to prevent malicious third party code from having access to native APIs.  So probably the best way to handle this is not load any script tags except for those tags which you explicitly control.  Eg. no dynamic facebook/jquery, only the static versions that you host yourself or have loaded to the app yourself (ensuring no third party has the ability to change their code and gain access through your app).
   
   2-ish)
   
   > only uses capabilities available in a standard WebKit view (e.g. it must open and run natively in Safari without modifications or additional software)
   
   Is it correct to say Cordova uses extended capabilities provided by the standard webview?  Does that count as safari modifications?  If so, I would say that is the end of Cordova.
   
   Conclusion:
   I don't really see much here the applies anymore specifically to remote urls than local ones.
   But if Apple is serious about # 2.  Well poop.
   
   (PS.  Why do you think this kind of usage is improper?  I think it has incredible potential.  Eg. write one website that works for desktop and apps.  Great for teams with low man power.)

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cordova.apache.org
For additional commands, e-mail: commits-help@cordova.apache.org