github/apache-cordova-plugin-inappbrowser
github/apache-cordova-plugin-inappbrowser
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Prevent malformed callbackId from reaching app cordova view

Browse Source
This commit is contained in:
Jesse MacFadyen 2019-02-28 14:52:01 -08:00
parent 92243cdcc2
commit 686108484e
1 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/android/InAppChromeClient.java
View File

@ -104,7 +104,7 @@ public class InAppChromeClient extends WebChromeClient {
if(defaultValue.startsWith("gap-iab://")) {
PluginResult scriptResult;
String scriptCallbackId = defaultValue.substring(10);
if (scriptCallbackId.startsWith("InAppBrowser")) {
if (scriptCallbackId.matches("^InAppBrowser[0-9]{1,10}$")) {
if(message == null || message.length() == 0) {
scriptResult = new PluginResult(PluginResult.Status.OK, new JSONArray());
} else {
@ -118,9 +118,14 @@ public class InAppChromeClient extends WebChromeClient {
result.confirm("");
return true;
}
else {
// Anything else that doesn't look like InAppBrowser0123456789 should end up here
LOG.w(LOG_TAG, "InAppBrowser callback called with invalid callbackId : "+ scriptCallbackId);
result.cancel();
return true;
}
}
else
{
else {
// Anything else with a gap: prefix should get this message
LOG.w(LOG_TAG, "InAppBrowser does not support Cordova API calls: " + url + " " + defaultValue);
result.cancel();