github/cordova-android
github/cordova-android
3
0
Fork 1
mirror of https://github.com/apache/cordova-android.git synced 2025-01-19 15:12:51 +08:00
Code Issues Packages Projects Releases Wiki Activity

Remove explicit whitelisting of content: in CordovaBridge

Browse Source 
It was redundant since we now check if the URL should be allowed to
be navigated to.
This commit is contained in:
Andrew Grieve 2015-02-19 10:06:36 -05:00
parent f1d4c01190
commit 11d6b8029f
2 changed files with 4 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
framework/src/org/apache/cordova/AndroidWebView.java
View File

@ -780,7 +780,7 @@ public class AndroidWebView extends WebView implements CordovaWebView {
void onPageReset() { void onPageReset() {
boundKeyCodes.clear(); boundKeyCodes.clear();
pluginManager.onReset(); pluginManager.onReset();
bridge.reset(loadedUrl); bridge.reset();
} }
@Override @Override

14
framework/src/org/apache/cordova/CordovaBridge.java
View File

@ -20,7 +20,6 @@ package org.apache.cordova;
import java.security.SecureRandom; import java.security.SecureRandom;
import org.apache.cordova.PluginManager;
import org.json.JSONArray; import org.json.JSONArray;
import org.json.JSONException; import org.json.JSONException;
@ -36,13 +35,10 @@ public class CordovaBridge {
private PluginManager pluginManager; private PluginManager pluginManager;
private NativeToJsMessageQueue jsMessageQueue; private NativeToJsMessageQueue jsMessageQueue;
private volatile int expectedBridgeSecret = -1; // written by UI thread, read by JS thread. private volatile int expectedBridgeSecret = -1; // written by UI thread, read by JS thread.
private String loadedUrl;
private String appContentUrlPrefix;
public CordovaBridge(PluginManager pluginManager, NativeToJsMessageQueue jsMessageQueue, String packageName) { public CordovaBridge(PluginManager pluginManager, NativeToJsMessageQueue jsMessageQueue, String packageName) {
this.pluginManager = pluginManager; this.pluginManager = pluginManager;
this.jsMessageQueue = jsMessageQueue; this.jsMessageQueue = jsMessageQueue;
this.appContentUrlPrefix = "content://" + packageName + ".";
} }
public String jsExec(int bridgeSecret, String service, String action, String callbackId, String arguments) throws JSONException, IllegalAccessException { public String jsExec(int bridgeSecret, String service, String action, String callbackId, String arguments) throws JSONException, IllegalAccessException {
@ -118,10 +114,9 @@ public class CordovaBridge {
return expectedBridgeSecret; return expectedBridgeSecret;
} }
public void reset(String loadedUrl) { public void reset() {
jsMessageQueue.reset(); jsMessageQueue.reset();
clearBridgeSecret(); clearBridgeSecret();
this.loadedUrl = loadedUrl;
} }
public String promptOnJsPrompt(String origin, String message, String defaultValue) { public String promptOnJsPrompt(String origin, String message, String defaultValue) {
@ -167,11 +162,8 @@ public class CordovaBridge {
} }
else if (defaultValue != null && defaultValue.startsWith("gap_init:")) { else if (defaultValue != null && defaultValue.startsWith("gap_init:")) {
// Protect against random iframes being able to talk through the bridge. // Protect against random iframes being able to talk through the bridge.
// Trust only file URLs and pages which the app would have been allowed // Trust only pages which the app would have been allowed to navigate to anyway.
// to navigate to anyway. if (pluginManager.shouldAllowNavigation(origin)) {
if (origin.startsWith("file:") ||
origin.startsWith(this.appContentUrlPrefix) ||
pluginManager.shouldAllowNavigation(origin)) {
// Enable the bridge // Enable the bridge
int bridgeMode = Integer.parseInt(defaultValue.substring(9)); int bridgeMode = Integer.parseInt(defaultValue.substring(9));
jsMessageQueue.setBridgeMode(bridgeMode); jsMessageQueue.setBridgeMode(bridgeMode);