You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cordova.apache.org by ag...@apache.org on 2015/03/03 03:40:56 UTC
[2/4] android commit: CB-8587 Don't allow webview navigations within
showWebPage that are not whitelisted
CB-8587 Don't allow webview navigations within showWebPage that are not whitelisted
Project: http://git-wip-us.apache.org/repos/asf/cordova-android/repo
Commit: http://git-wip-us.apache.org/repos/asf/cordova-android/commit/af2969de
Tree: http://git-wip-us.apache.org/repos/asf/cordova-android/tree/af2969de
Diff: http://git-wip-us.apache.org/repos/asf/cordova-android/diff/af2969de
Branch: refs/heads/master
Commit: af2969dec58ca89150b84b5d57edcf63d4ce1302
Parents: 53dba86
Author: Andrew Grieve <ag...@chromium.org>
Authored: Mon Mar 2 21:00:22 2015 -0500
Committer: Andrew Grieve <ag...@chromium.org>
Committed: Mon Mar 2 21:04:20 2015 -0500
----------------------------------------------------------------------
framework/src/org/apache/cordova/CordovaWebViewImpl.java | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cordova-android/blob/af2969de/framework/src/org/apache/cordova/CordovaWebViewImpl.java
----------------------------------------------------------------------
diff --git a/framework/src/org/apache/cordova/CordovaWebViewImpl.java b/framework/src/org/apache/cordova/CordovaWebViewImpl.java
index d3f5ec9..a7dd41a 100644
--- a/framework/src/org/apache/cordova/CordovaWebViewImpl.java
+++ b/framework/src/org/apache/cordova/CordovaWebViewImpl.java
@@ -209,7 +209,7 @@ public class CordovaWebViewImpl implements CordovaWebView {
@Override
public void showWebPage(String url, boolean openExternal, boolean clearHistory, Map<String, Object> params) {
- LOG.d(TAG, "showWebPage(%s, %b, %b, HashMap", url, openExternal, clearHistory);
+ LOG.d(TAG, "showWebPage(%s, %b, %b, HashMap)", url, openExternal, clearHistory);
// If clearing history
if (clearHistory) {
@@ -223,10 +223,13 @@ public class CordovaWebViewImpl implements CordovaWebView {
// TODO: What about params?
// Load new URL
loadUrlIntoView(url, true);
- return;
+ } else {
+ LOG.w(TAG, "showWebPage: Refusing to load URL into webview since it is not in the <allow-navigation> whitelist. URL=" + url);
}
- // Load in default viewer if not
- LOG.w(TAG, "showWebPage: Cannot load URL into webview since it is not in white list. Loading into browser instead. (URL=" + url + ")");
+ }
+ if (!pluginManager.shouldOpenExternalUrl(url)) {
+ LOG.w(TAG, "showWebPage: Refusing to send intent for URL since it is not in the <allow-intent> whitelist. URL=" + url);
+ return;
}
try {
// Omitting the MIME type for file: URLs causes "No Activity found to handle Intent".
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cordova.apache.org
For additional commands, e-mail: commits-help@cordova.apache.org