You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cordova.apache.org by "Mike Billau (JIRA)" <ji...@apache.org> on 2014/05/20 21:08:44 UTC

[jira] [Commented] (CB-2179) Warn developers about including third-party content in their apps.

    [ https://issues.apache.org/jira/browse/CB-2179?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14003838#comment-14003838 ] 

Mike Billau commented on CB-2179:
---------------------------------

Added a new Security guide, documented that they should use InAppBrowser for any and all third party content and explained that otherwise, those third party pages will have access to the bridge.
https://git-wip-us.apache.org/repos/asf?p=cordova-docs.git;a=commit;h=7e6d5b9bc51c5249f20f7c3f2493923d609c7418

> Warn developers about including third-party content in their apps.
> ------------------------------------------------------------------
>
>                 Key: CB-2179
>                 URL: https://issues.apache.org/jira/browse/CB-2179
>             Project: Apache Cordova
>          Issue Type: Bug
>          Components: Docs
>    Affects Versions: 2.4.0, 2.5.0, 2.6.0
>            Reporter: Andrew Grieve
>            Assignee: Andrew Grieve
>            Priority: Minor
>             Fix For: 3.5.0
>
>
> We expose our native APIs to iframes as well as top-level content, so we should warn against using iframes for third-party code.
> Might make sense to change "Domain Whitelist Guide" -> "Security & Whitelist Guide" and then add a section to it about the dangers of embedding untrusted content.



--
This message was sent by Atlassian JIRA
(v6.2#6252)