github/cordova-android
github/cordova-android
3
0
Fork 1
mirror of https://github.com/apache/cordova-android.git synced 2025-02-26 20:33:07 +08:00
Code Issues Packages Projects Releases Wiki Activity

CB-8587 Don't allow webview navigations within showWebPage that are not whitelisted

Browse Source
This commit is contained in:
Andrew Grieve 2015-03-02 21:00:22 -05:00
parent 53dba8678c
commit af2969dec5
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
framework/src/org/apache/cordova/CordovaWebViewImpl.java
View File

@ -209,7 +209,7 @@ public class CordovaWebViewImpl implements CordovaWebView {
@Override @Override
public void showWebPage(String url, boolean openExternal, boolean clearHistory, Map<String, Object> params) { public void showWebPage(String url, boolean openExternal, boolean clearHistory, Map<String, Object> params) {
LOG.d(TAG, "showWebPage(%s, %b, %b, HashMap", url, openExternal, clearHistory); LOG.d(TAG, "showWebPage(%s, %b, %b, HashMap)", url, openExternal, clearHistory);
// If clearing history // If clearing history
if (clearHistory) { if (clearHistory) {
@ -223,10 +223,13 @@ public class CordovaWebViewImpl implements CordovaWebView {
// TODO: What about params? // TODO: What about params?
// Load new URL // Load new URL
loadUrlIntoView(url, true); loadUrlIntoView(url, true);
return; } else {
LOG.w(TAG, "showWebPage: Refusing to load URL into webview since it is not in the <allow-navigation> whitelist. URL=" + url);
} }
// Load in default viewer if not }
LOG.w(TAG, "showWebPage: Cannot load URL into webview since it is not in white list. Loading into browser instead. (URL=" + url + ")"); if (!pluginManager.shouldOpenExternalUrl(url)) {
LOG.w(TAG, "showWebPage: Refusing to send intent for URL since it is not in the <allow-intent> whitelist. URL=" + url);
return;
} }
try { try {
// Omitting the MIME type for file: URLs causes "No Activity found to handle Intent". // Omitting the MIME type for file: URLs causes "No Activity found to handle Intent".