github/apache-cordova-plugin-inappbrowser
github/apache-cordova-plugin-inappbrowser
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(android): Add mitigation strategy for CVE-2020-6506 (#792)

Browse Source
This commit is contained in:
Carl Poole 2020-11-17 10:32:05 -06:00 committed by GitHub
parent 2e6d63751f
commit e1d0777ea0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 48 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/android/InAppBrowser.java
View File

@ -1042,6 +1042,9 @@ public class InAppBrowser extends CordovaPlugin {
inAppWebView.setId(Integer.valueOf(6)); inAppWebView.setId(Integer.valueOf(6));
inAppWebView.getSettings().setLoadWithOverviewMode(true); inAppWebView.getSettings().setLoadWithOverviewMode(true);
inAppWebView.getSettings().setUseWideViewPort(useWideViewPort); inAppWebView.getSettings().setUseWideViewPort(useWideViewPort);
// Multiple Windows set to true to mitigate Chromium security bug.
// See: https://bugs.chromium.org/p/chromium/issues/detail?id=1083819
inAppWebView.getSettings().setSupportMultipleWindows(true);
inAppWebView.requestFocus(); inAppWebView.requestFocus();
inAppWebView.requestFocusFromTouch(); inAppWebView.requestFocusFromTouch();

45
src/android/InAppChromeClient.java
View File

@ -24,8 +24,12 @@ import org.apache.cordova.PluginResult;
import org.json.JSONArray; import org.json.JSONArray;
import org.json.JSONException; import org.json.JSONException;
import android.annotation.TargetApi;
import android.os.Build;
import android.os.Message;
import android.webkit.JsPromptResult; import android.webkit.JsPromptResult;
import android.webkit.WebChromeClient; import android.webkit.WebChromeClient;
import android.webkit.WebResourceRequest;
import android.webkit.WebStorage; import android.webkit.WebStorage;
import android.webkit.WebView; import android.webkit.WebView;
import android.webkit.WebViewClient; import android.webkit.WebViewClient;
@ -135,4 +139,45 @@ public class InAppChromeClient extends WebChromeClient {
return false; return false;
} }
/**
* The InAppWebBrowser WebView is configured to MultipleWindow mode to mitigate a security
* bug found in Chromium prior to version 83.0.4103.106.
* See https://bugs.chromium.org/p/chromium/issues/detail?id=1083819
*
* Valid Urls set to open in new window will be routed back to load in the original WebView.
*
* @param view
* @param isDialog
* @param isUserGesture
* @param resultMsg
* @return
*/
@Override
public boolean onCreateWindow(WebView view, boolean isDialog, boolean isUserGesture, Message resultMsg) {
WebView inAppWebView = view;
final WebViewClient webViewClient =
new WebViewClient() {
@TargetApi(Build.VERSION_CODES.LOLLIPOP)
@Override
public boolean shouldOverrideUrlLoading(WebView view, WebResourceRequest request) {
inAppWebView.loadUrl(request.getUrl().toString());
return true;
}
@Override
public boolean shouldOverrideUrlLoading(WebView view, String url) {
inAppWebView.loadUrl(url);
return true;
}
};
final WebView newWebView = new WebView(view.getContext());
newWebView.setWebViewClient(webViewClient);
final WebView.WebViewTransport transport = (WebView.WebViewTransport) resultMsg.obj;
transport.setWebView(newWebView);
resultMsg.sendToTarget();
return true;
}
} }