github/cordova-android
github/cordova-android
3
0
Fork 1
mirror of https://github.com/apache/cordova-android.git synced 2025-02-26 03:53:09 +08:00
Code Issues Packages Projects Releases Wiki Activity

CB-8587 Don't allow webview navigations within showWebPage that are not whitelisted

Browse Source
This commit is contained in:
Andrew Grieve 2015-03-02 21:00:22 -05:00
parent 53dba8678c
commit af2969dec5
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
framework/src/org/apache/cordova/CordovaWebViewImpl.java
View File

@ -209,7 +209,7 @@ public class CordovaWebViewImpl implements CordovaWebView {
@Override
public void showWebPage(String url, boolean openExternal, boolean clearHistory, Map<String, Object> params) {
LOG.d(TAG, "showWebPage(%s, %b, %b, HashMap", url, openExternal, clearHistory);
LOG.d(TAG, "showWebPage(%s, %b, %b, HashMap)", url, openExternal, clearHistory);
// If clearing history
if (clearHistory) {
@ -223,10 +223,13 @@ public class CordovaWebViewImpl implements CordovaWebView {
// TODO: What about params?
// Load new URL
loadUrlIntoView(url, true);
return;
} else {
LOG.w(TAG, "showWebPage: Refusing to load URL into webview since it is not in the <allow-navigation> whitelist. URL=" + url);
}
// Load in default viewer if not
LOG.w(TAG, "showWebPage: Cannot load URL into webview since it is not in white list. Loading into browser instead. (URL=" + url + ")");
}
if (!pluginManager.shouldOpenExternalUrl(url)) {
LOG.w(TAG, "showWebPage: Refusing to send intent for URL since it is not in the <allow-intent> whitelist. URL=" + url);
return;
}
try {
// Omitting the MIME type for file: URLs causes "No Activity found to handle Intent".