github/cordova-android
github/cordova-android
4
0
Fork 1
mirror of https://github.com/apache/cordova-android.git synced 2025-04-28 05:50:26 +08:00
Code Issues Packages Projects Releases Wiki Activity

CB-7940 Disable exec bridge if bridgeSecret is wrong

Browse Source
This commit is contained in:
Andrew Grieve 2014-11-04 15:57:51 -05:00
parent fc63f66e89
commit 032ea8a8d3
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
framework/src/org/apache/cordova/CordovaBridge.java
View File

@ -99,6 +99,8 @@ public class CordovaBridge {
} }
// Bridge secret wrong and bridge not due to it being from the previous page. // Bridge secret wrong and bridge not due to it being from the previous page.
if (expectedBridgeSecret < 0 || bridgeSecret != expectedBridgeSecret) { if (expectedBridgeSecret < 0 || bridgeSecret != expectedBridgeSecret) {
Log.e(LOG_TAG, "Bridge access attempt with wrong secret token, possibly from malicious code. Disabling exec() bridge!");
clearBridgeSecret();
throw new IllegalAccessException(); throw new IllegalAccessException();
} }
return true; return true;