You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cordova.apache.org by ma...@apache.org on 2014/09/24 01:23:06 UTC

svn commit: r1627177 - in /cordova/site/public/docs/en: 3.6.0/guide_appdev_whitelist_index.md.html edge/guide_appdev_whitelist_index.md.html

Author: marcelk
Date: Tue Sep 23 23:23:05 2014
New Revision: 1627177

URL: http://svn.apache.org/r1627177
Log:
CB-7623 publish changes

Modified:
    cordova/site/public/docs/en/3.6.0/guide_appdev_whitelist_index.md.html
    cordova/site/public/docs/en/edge/guide_appdev_whitelist_index.md.html

Modified: cordova/site/public/docs/en/3.6.0/guide_appdev_whitelist_index.md.html
URL: http://svn.apache.org/viewvc/cordova/site/public/docs/en/3.6.0/guide_appdev_whitelist_index.md.html?rev=1627177&r1=1627176&r2=1627177&view=diff
==============================================================================
--- cordova/site/public/docs/en/3.6.0/guide_appdev_whitelist_index.md.html (original)
+++ cordova/site/public/docs/en/3.6.0/guide_appdev_whitelist_index.md.html Tue Sep 23 23:23:05 2014
@@ -253,13 +253,13 @@ On older versions of Android, it may not
 <p>Cordova 3.6.0 introduces a second whitelist, for restricting which URLs
 are allowed to launch external applications. In previous versions of
 Cordova, all non-http URLs, such as <code>mailto:</code>, <code>geo:</code>, <code>sms:</code> and <code>intent</code>,
-were implicitly allowed to be the target of a an <a> tag. Because of the
+were implicitly allowed to be the target of an &lt;a&gt; tag. Because of the
 potential for an application to leak information, if an XSS vulnerability
 allows an attacker to construct arbitrary links, these URLs must be
-whitelisted as well, starting in Cordova 3.6.0.</a></p>
+whitelisted as well, starting in Cordova 3.6.0.</p>
 
-<p>To allow a URL pattern to launch an external application, use an <access>
-tag in your <code>config.xml</code> file, with the <code>launch-external</code> attribute set.</access></p>
+<p>To allow a URL pattern to launch an external application, use an &lt;access&gt;
+tag in your <code>config.xml</code> file, with the <code>launch-external</code> attribute set.</p>
 
 <p>Examples:</p>
 
@@ -267,28 +267,34 @@ tag in your <code>config.xml</code> file
 <li>
 <p>To allow links to send SMS messages:</p>
 
-<p><access origin="sms:*" launch-external="yes"></access></p>
+<pre class="prettyprint"><code>&lt;access origin="sms:*" launch-external="yes" /&gt;
+</code></pre>
 </li>
 <li>
 <p>To allow links to open Maps:</p>
 
-<p><access origin="geo:*" launch-external="yes"></access></p>
+<pre class="prettyprint"><code>&lt;access origin="geo:*" launch-external="yes" /&gt;
+</code></pre>
 </li>
 <li>
 <p>To allow links to example.com to open in an external browser:</p>
 
-<p><access origin="http://example.com/*" launch-external="yes"></access></p>
+<pre class="prettyprint"><code>&lt;access origin="http://example.com/*" launch-external="yes" /&gt;
+</code></pre>
 </li>
 <li>
 <p>To allow all non-whitelisted websites to open in an external browser:
 (This is the same as the previous behaviour for non-whitelisted URLs)</p>
 
-<p><access origin="http://*" launch-external="yes"></access><access origin="https://*" launch-external="yes"></access></p>
+<pre class="prettyprint"><code>&lt;access origin="http://*" launch-external="yes" /&gt;
+&lt;access origin="https://*" launch-external="yes" /&gt;
+</code></pre>
 </li>
 <li>
 <p>To allow access to all URLs, reverting to the Cordova 3.5.0 policy (not recommended):</p>
 
-<p><access origin="*" launch-external="yes"></access></p>
+<pre class="prettyprint"><code>&lt;access origin="*" launch-external="yes" /&gt;
+</code></pre>
 </li>
 </ul>
 <p>When navigating to a URL from within your application, the interal whitelist

Modified: cordova/site/public/docs/en/edge/guide_appdev_whitelist_index.md.html
URL: http://svn.apache.org/viewvc/cordova/site/public/docs/en/edge/guide_appdev_whitelist_index.md.html?rev=1627177&r1=1627176&r2=1627177&view=diff
==============================================================================
--- cordova/site/public/docs/en/edge/guide_appdev_whitelist_index.md.html (original)
+++ cordova/site/public/docs/en/edge/guide_appdev_whitelist_index.md.html Tue Sep 23 23:23:05 2014
@@ -253,13 +253,13 @@ On older versions of Android, it may not
 <p>Cordova 3.6.0 introduces a second whitelist, for restricting which URLs
 are allowed to launch external applications. In previous versions of
 Cordova, all non-http URLs, such as <code>mailto:</code>, <code>geo:</code>, <code>sms:</code> and <code>intent</code>,
-were implicitly allowed to be the target of a an <a> tag. Because of the
+were implicitly allowed to be the target of an &lt;a&gt; tag. Because of the
 potential for an application to leak information, if an XSS vulnerability
 allows an attacker to construct arbitrary links, these URLs must be
-whitelisted as well, starting in Cordova 3.6.0.</a></p>
+whitelisted as well, starting in Cordova 3.6.0.</p>
 
-<p>To allow a URL pattern to launch an external application, use an <access>
-tag in your <code>config.xml</code> file, with the <code>launch-external</code> attribute set.</access></p>
+<p>To allow a URL pattern to launch an external application, use an &lt;access&gt;
+tag in your <code>config.xml</code> file, with the <code>launch-external</code> attribute set.</p>
 
 <p>Examples:</p>
 
@@ -267,28 +267,34 @@ tag in your <code>config.xml</code> file
 <li>
 <p>To allow links to send SMS messages:</p>
 
-<p><access origin="sms:*" launch-external="yes"></access></p>
+<pre class="prettyprint"><code>&lt;access origin="sms:*" launch-external="yes" /&gt;
+</code></pre>
 </li>
 <li>
 <p>To allow links to open Maps:</p>
 
-<p><access origin="geo:*" launch-external="yes"></access></p>
+<pre class="prettyprint"><code>&lt;access origin="geo:*" launch-external="yes" /&gt;
+</code></pre>
 </li>
 <li>
 <p>To allow links to example.com to open in an external browser:</p>
 
-<p><access origin="http://example.com/*" launch-external="yes"></access></p>
+<pre class="prettyprint"><code>&lt;access origin="http://example.com/*" launch-external="yes" /&gt;
+</code></pre>
 </li>
 <li>
 <p>To allow all non-whitelisted websites to open in an external browser:
 (This is the same as the previous behaviour for non-whitelisted URLs)</p>
 
-<p><access origin="http://*" launch-external="yes"></access><access origin="https://*" launch-external="yes"></access></p>
+<pre class="prettyprint"><code>&lt;access origin="http://*" launch-external="yes" /&gt;
+&lt;access origin="https://*" launch-external="yes" /&gt;
+</code></pre>
 </li>
 <li>
 <p>To allow access to all URLs, reverting to the Cordova 3.5.0 policy (not recommended):</p>
 
-<p><access origin="*" launch-external="yes"></access></p>
+<pre class="prettyprint"><code>&lt;access origin="*" launch-external="yes" /&gt;
+</code></pre>
 </li>
 </ul>
 <p>When navigating to a URL from within your application, the interal whitelist