Posted to commits@cordova.apache.org by st...@apache.org on 2015/03/12 23:58:53 UTC

[1/5] cordova-app-hello-world git commit: Updated releasenotes

Repository: cordova-app-hello-world
Updated Branches:
  refs/heads/3.8.x 0b55140d0 -> 79448fd99
  refs/heads/master c7253f12a -> 15cefa232


Updated releasenotes


Project: http://git-wip-us.apache.org/repos/asf/cordova-app-hello-world/repo
Commit: http://git-wip-us.apache.org/repos/asf/cordova-app-hello-world/commit/15cefa23
Tree: http://git-wip-us.apache.org/repos/asf/cordova-app-hello-world/tree/15cefa23
Diff: http://git-wip-us.apache.org/repos/asf/cordova-app-hello-world/diff/15cefa23

Branch: refs/heads/master
Commit: 15cefa232392f4f403e32965d736a241a47e5e22
Parents: c7253f1
Author: Steve Gill <st...@gmail.com>
Authored: Thu Mar 12 15:51:27 2015 -0700
Committer: Steve Gill <st...@gmail.com>
Committed: Thu Mar 12 15:51:27 2015 -0700

----------------------------------------------------------------------
 RELEASENOTES.md | 2 ++
 1 file changed, 2 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cordova-app-hello-world/blob/15cefa23/RELEASENOTES.md
----------------------------------------------------------------------
diff --git a/RELEASENOTES.md b/RELEASENOTES.md
index 37bac19..c52b1b4 100644
--- a/RELEASENOTES.md
+++ b/RELEASENOTES.md
@@ -21,6 +21,8 @@
 # Release Notes
 
 ### 3.8.0 (Mar 10, 2015)
+* Remove path from CSP string (since CSP ignores paths). Add CSP rationale within comment 
+* CB-8295 Fix CSP string, which had an invalid : in it
 * added license header to config.xml
 * added releasenotes.md
 * removed version file, package.json can keep track of version
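Review bot: The first added line, "* Remove path from CSP string (since CSP ignores paths). Add CSP rationale within comment ", ends in a trailing space; drop it so the file does not pick up whitespace noise. The two new entries also start with a capital letter while the three existing entries under 3.8.0 are lowercase; pick one style for the list.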


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cordova.apache.org
For additional commands, e-mail: commits-help@cordova.apache.org


[3/5] cordova-app-hello-world git commit: Remove path from CSP string (since CSP ignores paths). Add CSP rationale within comment

Posted by st...@apache.org.
Remove path from CSP string (since CSP ignores paths). Add CSP rationale within comment


Project: http://git-wip-us.apache.org/repos/asf/cordova-app-hello-world/repo
Commit: http://git-wip-us.apache.org/repos/asf/cordova-app-hello-world/commit/87da9747
Tree: http://git-wip-us.apache.org/repos/asf/cordova-app-hello-world/tree/87da9747
Diff: http://git-wip-us.apache.org/repos/asf/cordova-app-hello-world/diff/87da9747

Branch: refs/heads/3.8.x
Commit: 87da974703097d3f754bdb97968418877adcf399
Parents: a8cbbb5
Author: Andrew Grieve <ag...@chromium.org>
Authored: Thu Mar 12 13:33:29 2015 -0400
Committer: Steve Gill <st...@gmail.com>
Committed: Thu Mar 12 15:58:24 2015 -0700

----------------------------------------------------------------------
 www/index.html | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cordova-app-hello-world/blob/87da9747/www/index.html
----------------------------------------------------------------------
diff --git a/www/index.html b/www/index.html
index 0f091de..c67c617 100644
--- a/www/index.html
+++ b/www/index.html
@@ -19,7 +19,16 @@
 -->
 <html>
     <head>
-        <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com/accessibility/javascript/android/; style-src 'self' 'unsafe-inline'; media-src *">
+        <!--
+        Customize this policy to fit your own app's needs. For more guidance, see:
+            https://github.com/apache/cordova-plugin-whitelist/blob/master/README.md#content-security-policy
+        Some notes:
+            * gap: is required only on iOS (when using UIWebView) and is needed for JS->native communication
+            * https://ssl.gstatic.com is required only on Android and is needed for TalkBack to function properly
+            * To enable use of inline JS, add 'unsafe-inline' to default-src
+            * To enable use of eval(), add 'unsafe-eval' to default-src
+        -->
+        <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com; style-src 'self' 'unsafe-inline'; media-src *">
         <meta name="format-detection" content="telephone=no">
         <meta name="msapplication-tap-highlight" content="no">
         <meta name="viewport" content="user-scalable=no, initial-scale=1, maximum-scale=1, minimum-scale=1, width=device-width">
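Review bot: On the changed meta line, replacing https://ssl.gstatic.com/accessibility/javascript/android/ with https://ssl.gstatic.com widens the allowance from one directory to the whole host on any engine that does match paths (CSP Level 2 source matching takes the path into account), so the "CSP ignores paths" rationale should be qualified in the new comment as depending on the WebView. The comment also explains gap: and https://ssl.gstatic.com but says nothing about data: in default-src or about media-src *; add a line for each so that someone customizing the policy knows whether they can be dropped.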




[5/5] cordova-app-hello-world git commit: Updated releasenotes

Posted by st...@apache.org.
Updated releasenotes


Project: http://git-wip-us.apache.org/repos/asf/cordova-app-hello-world/repo
Commit: http://git-wip-us.apache.org/repos/asf/cordova-app-hello-world/commit/79448fd9
Tree: http://git-wip-us.apache.org/repos/asf/cordova-app-hello-world/tree/79448fd9
Diff: http://git-wip-us.apache.org/repos/asf/cordova-app-hello-world/diff/79448fd9

Branch: refs/heads/3.8.x
Commit: 79448fd995b545d159883f2ed20283696d7f2d48
Parents: d4ee2c6
Author: Steve Gill <st...@gmail.com>
Authored: Thu Mar 12 15:51:27 2015 -0700
Committer: Steve Gill <st...@gmail.com>
Committed: Thu Mar 12 15:58:40 2015 -0700

----------------------------------------------------------------------
 RELEASENOTES.md | 2 ++
 1 file changed, 2 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cordova-app-hello-world/blob/79448fd9/RELEASENOTES.md
----------------------------------------------------------------------
diff --git a/RELEASENOTES.md b/RELEASENOTES.md
index 37bac19..c52b1b4 100644
--- a/RELEASENOTES.md
+++ b/RELEASENOTES.md
@@ -21,6 +21,8 @@
 # Release Notes
 
 ### 3.8.0 (Mar 10, 2015)
+* Remove path from CSP string (since CSP ignores paths). Add CSP rationale within comment 
+* CB-8295 Fix CSP string, which had an invalid : in it
 * added license header to config.xml
 * added releasenotes.md
 * removed version file, package.json can keep track of version
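Review bot: The new entries sit under the existing heading "### 3.8.0 (Mar 10, 2015)", but the commits they describe are authored Mar 11 and Mar 12, 2015 in this same series; if the date in the heading is meant to be the release date, update it along with the entries. The follow-up commit "Another CSP comment tweak" has no entry of its own, which is fine if it counts as part of "Add CSP rationale within comment", but worth confirming.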




[4/5] cordova-app-hello-world git commit: Another CSP comment tweak

Posted by st...@apache.org.
Another CSP comment tweak


Project: http://git-wip-us.apache.org/repos/asf/cordova-app-hello-world/repo
Commit: http://git-wip-us.apache.org/repos/asf/cordova-app-hello-world/commit/d4ee2c66
Tree: http://git-wip-us.apache.org/repos/asf/cordova-app-hello-world/tree/d4ee2c66
Diff: http://git-wip-us.apache.org/repos/asf/cordova-app-hello-world/diff/d4ee2c66

Branch: refs/heads/3.8.x
Commit: d4ee2c6627c1eeabb8b64172369e54e012660838
Parents: 87da974
Author: Andrew Grieve <ag...@chromium.org>
Authored: Thu Mar 12 13:43:40 2015 -0400
Committer: Steve Gill <st...@gmail.com>
Committed: Thu Mar 12 15:58:33 2015 -0700

----------------------------------------------------------------------
 www/index.html | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cordova-app-hello-world/blob/d4ee2c66/www/index.html
----------------------------------------------------------------------
diff --git a/www/index.html b/www/index.html
index c67c617..10dbeb6 100644
--- a/www/index.html
+++ b/www/index.html
@@ -25,8 +25,9 @@
         Some notes:
             * gap: is required only on iOS (when using UIWebView) and is needed for JS->native communication
             * https://ssl.gstatic.com is required only on Android and is needed for TalkBack to function properly
-            * To enable use of inline JS, add 'unsafe-inline' to default-src
-            * To enable use of eval(), add 'unsafe-eval' to default-src
+            * Disables use of eval() and inline scripts in order to mitigate risk of XSS vulnerabilities. To change this:
+                * Enable inline JS: add 'unsafe-inline' to default-src
+                * Enable eval(): add 'unsafe-eval' to default-src
         -->
         <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com; style-src 'self' 'unsafe-inline'; media-src *">
         <meta name="format-detection" content="telephone=no">
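Review bot: The two added sub-bullets tell readers to add 'unsafe-inline' or 'unsafe-eval' to default-src, which is the fallback for every fetch directive that is not set explicitly, so the relaxation reaches further than scripts. Suggest pointing at a dedicated script-src directive instead (repeating whatever sources scripts still need from default-src), the way style-src 'self' 'unsafe-inline' is already scoped on the meta line below. The parent bullet "Disables use of eval() and inline scripts ..." also has no subject; "This policy disables ..." reads more clearly.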




[2/5] cordova-app-hello-world git commit: CB-8295 Fix CSP string, which had an invalid : in it

Posted by st...@apache.org.
CB-8295 Fix CSP string, which had an invalid : in it


Project: http://git-wip-us.apache.org/repos/asf/cordova-app-hello-world/repo
Commit: http://git-wip-us.apache.org/repos/asf/cordova-app-hello-world/commit/a8cbbb55
Tree: http://git-wip-us.apache.org/repos/asf/cordova-app-hello-world/tree/a8cbbb55
Diff: http://git-wip-us.apache.org/repos/asf/cordova-app-hello-world/diff/a8cbbb55

Branch: refs/heads/3.8.x
Commit: a8cbbb554d095b49f99de68004c411c6d7674933
Parents: 0b55140
Author: Andrew Grieve <ag...@chromium.org>
Authored: Wed Mar 11 21:13:28 2015 -0400
Committer: Steve Gill <st...@gmail.com>
Committed: Thu Mar 12 15:58:09 2015 -0700

----------------------------------------------------------------------
 www/index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cordova-app-hello-world/blob/a8cbbb55/www/index.html
----------------------------------------------------------------------
diff --git a/www/index.html b/www/index.html
index 87a2bc8..0f091de 100644
--- a/www/index.html
+++ b/www/index.html
@@ -19,7 +19,7 @@
 -->
 <html>
     <head>
-        <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com/accessibility/javascript/android/; style-src 'self' 'unsafe-inline'; media-src: *">
+        <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com/accessibility/javascript/android/; style-src 'self' 'unsafe-inline'; media-src *">
         <meta name="format-detection" content="telephone=no">
         <meta name="msapplication-tap-highlight" content="no">
         <meta name="viewport" content="user-scalable=no, initial-scale=1, maximum-scale=1, minimum-scale=1, width=device-width">
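Review bot: Removing the colon on the changed meta line alters the effective policy, not only its syntax: "media-src:" is not a recognized directive name, so it was ignored and media loads fell back to default-src, while the corrected "media-src *" permits media from any origin. If the wildcard is intended for the template, say why in a comment next to the meta tag; otherwise narrow it or drop the directive so that default-src applies.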

