From 032ea8a8d386d8bcffc5de7fd3e4202478effb7d Mon Sep 17 00:00:00 2001
From: Andrew Grieve
Date: Tue, 4 Nov 2014 15:57:51 -0500
Subject: [PATCH] CB-7940 Disable exec bridge if bridgeSecret is wrong
---
 framework/src/org/apache/cordova/CordovaBridge.java | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/framework/src/org/apache/cordova/CordovaBridge.java b/framework/src/org/apache/cordova/CordovaBridge.java
index f3e48b69..becbd529 100644
--- a/framework/src/org/apache/cordova/CordovaBridge.java
+++ b/framework/src/org/apache/cordova/CordovaBridge.java
@@ -99,6 +99,8 @@ public class CordovaBridge {
 }
 // Bridge secret wrong and bridge not due to it being from the previous page.
 if (expectedBridgeSecret < 0 || bridgeSecret != expectedBridgeSecret) {
+ Log.e(LOG_TAG, "Bridge access attempt with wrong secret token, possibly from malicious code. Disabling exec() bridge!");
+ clearBridgeSecret();
 throw new IllegalAccessException();
 }
 return true;
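Review bot: The two added lines run for both halves of the condition, so a call that arrives while `expectedBridgeSecret < 0` (bridge already cleared or not yet initialised) is also logged as "wrong secret token, possibly from malicious code". That makes the error line a noisy detection signal, and it repeats on every call after the first lockout. Wrapping the new lines in `if (expectedBridgeSecret >= 0) { ... }` would limit the log to the one event that actually disabled the bridge. A comment stating the fail-closed intent would also help, e.g. `// Fail closed: a single bad token disables exec() so the secret cannot be guessed by repeated calls`, together with a note that any script able to reach the bridge can thereby switch exec() off for the page. What `clearBridgeSecret()` resets and how the bridge is re-enabled lies outside this hunk, as does the start of the enclosing method, so that part is inferred.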