You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cordova.apache.org by ag...@apache.org on 2015/03/03 03:40:56 UTC

[2/4] android commit: CB-8587 Don't allow webview navigations within showWebPage that are not whitelisted

CB-8587 Don't allow webview navigations within showWebPage that are not whitelisted


Project: http://git-wip-us.apache.org/repos/asf/cordova-android/repo
Commit: http://git-wip-us.apache.org/repos/asf/cordova-android/commit/af2969de
Tree: http://git-wip-us.apache.org/repos/asf/cordova-android/tree/af2969de
Diff: http://git-wip-us.apache.org/repos/asf/cordova-android/diff/af2969de

Branch: refs/heads/master
Commit: af2969dec58ca89150b84b5d57edcf63d4ce1302
Parents: 53dba86
Author: Andrew Grieve <ag...@chromium.org>
Authored: Mon Mar 2 21:00:22 2015 -0500
Committer: Andrew Grieve <ag...@chromium.org>
Committed: Mon Mar 2 21:04:20 2015 -0500

----------------------------------------------------------------------
 framework/src/org/apache/cordova/CordovaWebViewImpl.java | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cordova-android/blob/af2969de/framework/src/org/apache/cordova/CordovaWebViewImpl.java
----------------------------------------------------------------------
diff --git a/framework/src/org/apache/cordova/CordovaWebViewImpl.java b/framework/src/org/apache/cordova/CordovaWebViewImpl.java
index d3f5ec9..a7dd41a 100644
--- a/framework/src/org/apache/cordova/CordovaWebViewImpl.java
+++ b/framework/src/org/apache/cordova/CordovaWebViewImpl.java
@@ -209,7 +209,7 @@ public class CordovaWebViewImpl implements CordovaWebView {
 
     @Override
     public void showWebPage(String url, boolean openExternal, boolean clearHistory, Map<String, Object> params) {
-        LOG.d(TAG, "showWebPage(%s, %b, %b, HashMap", url, openExternal, clearHistory);
+        LOG.d(TAG, "showWebPage(%s, %b, %b, HashMap)", url, openExternal, clearHistory);
 
         // If clearing history
         if (clearHistory) {
@@ -223,10 +223,13 @@ public class CordovaWebViewImpl implements CordovaWebView {
                 // TODO: What about params?
                 // Load new URL
                 loadUrlIntoView(url, true);
-                return;
+            } else {
+                LOG.w(TAG, "showWebPage: Refusing to load URL into webview since it is not in the <allow-navigation> whitelist. URL=" + url);
             }
-            // Load in default viewer if not
-            LOG.w(TAG, "showWebPage: Cannot load URL into webview since it is not in white list.  Loading into browser instead. (URL=" + url + ")");
+        }
+        if (!pluginManager.shouldOpenExternalUrl(url)) {
+            LOG.w(TAG, "showWebPage: Refusing to send intent for URL since it is not in the <allow-intent> whitelist. URL=" + url);
+            return;
         }
         try {
             // Omitting the MIME type for file: URLs causes "No Activity found to handle Intent".


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cordova.apache.org
For additional commands, e-mail: commits-help@cordova.apache.org