From af2969dec58ca89150b84b5d57edcf63d4ce1302 Mon Sep 17 00:00:00 2001
From: Andrew Grieve <agrieve@chromium.org>
Date: Mon, 2 Mar 2015 21:00:22 -0500
Subject: [PATCH] CB-8587 Don't allow webview navigations within showWebPage
 that are not whitelisted

---
 .../src/org/apache/cordova/CordovaWebViewImpl.java    | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/framework/src/org/apache/cordova/CordovaWebViewImpl.java b/framework/src/org/apache/cordova/CordovaWebViewImpl.java
index d3f5ec9b..a7dd41a9 100644
--- a/framework/src/org/apache/cordova/CordovaWebViewImpl.java
+++ b/framework/src/org/apache/cordova/CordovaWebViewImpl.java
@@ -209,7 +209,7 @@ public class CordovaWebViewImpl implements CordovaWebView {
 
     @Override
     public void showWebPage(String url, boolean openExternal, boolean clearHistory, Map<String, Object> params) {
-        LOG.d(TAG, "showWebPage(%s, %b, %b, HashMap", url, openExternal, clearHistory);
+        LOG.d(TAG, "showWebPage(%s, %b, %b, HashMap)", url, openExternal, clearHistory);
 
         // If clearing history
         if (clearHistory) {
@@ -223,10 +223,13 @@ public class CordovaWebViewImpl implements CordovaWebView {
                 // TODO: What about params?
                 // Load new URL
                 loadUrlIntoView(url, true);
-                return;
+            } else {
+                LOG.w(TAG, "showWebPage: Refusing to load URL into webview since it is not in the <allow-navigation> whitelist. URL=" + url);
             }
-            // Load in default viewer if not
-            LOG.w(TAG, "showWebPage: Cannot load URL into webview since it is not in white list.  Loading into browser instead. (URL=" + url + ")");
+        }
+        if (!pluginManager.shouldOpenExternalUrl(url)) {
+            LOG.w(TAG, "showWebPage: Refusing to send intent for URL since it is not in the <allow-intent> whitelist. URL=" + url);
+            return;
         }
         try {
             // Omitting the MIME type for file: URLs causes "No Activity found to handle Intent".