You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cordova.apache.org by ma...@apache.org on 2014/09/24 01:23:06 UTC
svn commit: r1627177 - in /cordova/site/public/docs/en:
3.6.0/guide_appdev_whitelist_index.md.html
edge/guide_appdev_whitelist_index.md.html
Author: marcelk
Date: Tue Sep 23 23:23:05 2014
New Revision: 1627177
URL: http://svn.apache.org/r1627177
Log:
CB-7623 publish changes
Modified:
cordova/site/public/docs/en/3.6.0/guide_appdev_whitelist_index.md.html
cordova/site/public/docs/en/edge/guide_appdev_whitelist_index.md.html
Modified: cordova/site/public/docs/en/3.6.0/guide_appdev_whitelist_index.md.html
URL: http://svn.apache.org/viewvc/cordova/site/public/docs/en/3.6.0/guide_appdev_whitelist_index.md.html?rev=1627177&r1=1627176&r2=1627177&view=diff
==============================================================================
--- cordova/site/public/docs/en/3.6.0/guide_appdev_whitelist_index.md.html (original)
+++ cordova/site/public/docs/en/3.6.0/guide_appdev_whitelist_index.md.html Tue Sep 23 23:23:05 2014
@@ -253,13 +253,13 @@ On older versions of Android, it may not
<p>Cordova 3.6.0 introduces a second whitelist, for restricting which URLs
are allowed to launch external applications. In previous versions of
Cordova, all non-http URLs, such as <code>mailto:</code>, <code>geo:</code>, <code>sms:</code> and <code>intent</code>,
-were implicitly allowed to be the target of a an <a> tag. Because of the
+were implicitly allowed to be the target of an <a> tag. Because of the
potential for an application to leak information, if an XSS vulnerability
allows an attacker to construct arbitrary links, these URLs must be
-whitelisted as well, starting in Cordova 3.6.0.</a></p>
+whitelisted as well, starting in Cordova 3.6.0.</p>
-<p>To allow a URL pattern to launch an external application, use an <access>
-tag in your <code>config.xml</code> file, with the <code>launch-external</code> attribute set.</access></p>
+<p>To allow a URL pattern to launch an external application, use an <access>
+tag in your <code>config.xml</code> file, with the <code>launch-external</code> attribute set.</p>
<p>Examples:</p>
@@ -267,28 +267,34 @@ tag in your <code>config.xml</code> file
<li>
<p>To allow links to send SMS messages:</p>
-<p><access origin="sms:*" launch-external="yes"></access></p>
+<pre class="prettyprint"><code><access origin="sms:*" launch-external="yes" />
+</code></pre>
</li>
<li>
<p>To allow links to open Maps:</p>
-<p><access origin="geo:*" launch-external="yes"></access></p>
+<pre class="prettyprint"><code><access origin="geo:*" launch-external="yes" />
+</code></pre>
</li>
<li>
<p>To allow links to example.com to open in an external browser:</p>
-<p><access origin="http://example.com/*" launch-external="yes"></access></p>
+<pre class="prettyprint"><code><access origin="http://example.com/*" launch-external="yes" />
+</code></pre>
</li>
<li>
<p>To allow all non-whitelisted websites to open in an external browser:
(This is the same as the previous behaviour for non-whitelisted URLs)</p>
-<p><access origin="http://*" launch-external="yes"></access><access origin="https://*" launch-external="yes"></access></p>
+<pre class="prettyprint"><code><access origin="http://*" launch-external="yes" />
+<access origin="https://*" launch-external="yes" />
+</code></pre>
</li>
<li>
<p>To allow access to all URLs, reverting to the Cordova 3.5.0 policy (not recommended):</p>
-<p><access origin="*" launch-external="yes"></access></p>
+<pre class="prettyprint"><code><access origin="*" launch-external="yes" />
+</code></pre>
</li>
</ul>
<p>When navigating to a URL from within your application, the interal whitelist
Modified: cordova/site/public/docs/en/edge/guide_appdev_whitelist_index.md.html
URL: http://svn.apache.org/viewvc/cordova/site/public/docs/en/edge/guide_appdev_whitelist_index.md.html?rev=1627177&r1=1627176&r2=1627177&view=diff
==============================================================================
--- cordova/site/public/docs/en/edge/guide_appdev_whitelist_index.md.html (original)
+++ cordova/site/public/docs/en/edge/guide_appdev_whitelist_index.md.html Tue Sep 23 23:23:05 2014
@@ -253,13 +253,13 @@ On older versions of Android, it may not
<p>Cordova 3.6.0 introduces a second whitelist, for restricting which URLs
are allowed to launch external applications. In previous versions of
Cordova, all non-http URLs, such as <code>mailto:</code>, <code>geo:</code>, <code>sms:</code> and <code>intent</code>,
-were implicitly allowed to be the target of a an <a> tag. Because of the
+were implicitly allowed to be the target of an <a> tag. Because of the
potential for an application to leak information, if an XSS vulnerability
allows an attacker to construct arbitrary links, these URLs must be
-whitelisted as well, starting in Cordova 3.6.0.</a></p>
+whitelisted as well, starting in Cordova 3.6.0.</p>
-<p>To allow a URL pattern to launch an external application, use an <access>
-tag in your <code>config.xml</code> file, with the <code>launch-external</code> attribute set.</access></p>
+<p>To allow a URL pattern to launch an external application, use an <access>
+tag in your <code>config.xml</code> file, with the <code>launch-external</code> attribute set.</p>
<p>Examples:</p>
@@ -267,28 +267,34 @@ tag in your <code>config.xml</code> file
<li>
<p>To allow links to send SMS messages:</p>
-<p><access origin="sms:*" launch-external="yes"></access></p>
+<pre class="prettyprint"><code><access origin="sms:*" launch-external="yes" />
+</code></pre>
</li>
<li>
<p>To allow links to open Maps:</p>
-<p><access origin="geo:*" launch-external="yes"></access></p>
+<pre class="prettyprint"><code><access origin="geo:*" launch-external="yes" />
+</code></pre>
</li>
<li>
<p>To allow links to example.com to open in an external browser:</p>
-<p><access origin="http://example.com/*" launch-external="yes"></access></p>
+<pre class="prettyprint"><code><access origin="http://example.com/*" launch-external="yes" />
+</code></pre>
</li>
<li>
<p>To allow all non-whitelisted websites to open in an external browser:
(This is the same as the previous behaviour for non-whitelisted URLs)</p>
-<p><access origin="http://*" launch-external="yes"></access><access origin="https://*" launch-external="yes"></access></p>
+<pre class="prettyprint"><code><access origin="http://*" launch-external="yes" />
+<access origin="https://*" launch-external="yes" />
+</code></pre>
</li>
<li>
<p>To allow access to all URLs, reverting to the Cordova 3.5.0 policy (not recommended):</p>
-<p><access origin="*" launch-external="yes"></access></p>
+<pre class="prettyprint"><code><access origin="*" launch-external="yes" />
+</code></pre>
</li>
</ul>
<p>When navigating to a URL from within your application, the interal whitelist