github/cordova-android
github/cordova-android
3
0
Fork 1
mirror of https://github.com/apache/cordova-android.git synced 2025-01-19 07:02:51 +08:00
Code Issues Packages Projects Releases Wiki Activity

CB-7291: Restrict meaning of "*" in internal whitelist to just http and https

Browse Source
This commit is contained in:
Ian Clelland 2014-08-26 14:58:00 -04:00
parent 3b3bd9b6c9
commit 6e222c3938
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
framework/src/org/apache/cordova/ConfigXmlParser.java
View File

@ -118,11 +118,19 @@ public class ConfigXmlParser {
if (origin != null) { if (origin != null) {
if (external) { if (external) {
externalWhitelist.addWhiteListEntry(origin, (subdomains != null) && (subdomains.compareToIgnoreCase("true") == 0)); externalWhitelist.addWhiteListEntry(origin, (subdomains != null) && (subdomains.compareToIgnoreCase("true") == 0));
} else {
if ("*".equals(origin)) {
// Special-case * origin to mean http and https when used for internal
// whitelist. This prevents external urls like sms: and geo: from being
// handled internally.
internalWhitelist.addWhiteListEntry("http://*/*", false);
internalWhitelist.addWhiteListEntry("https://*/*", false);
} else { } else {
internalWhitelist.addWhiteListEntry(origin, (subdomains != null) && (subdomains.compareToIgnoreCase("true") == 0)); internalWhitelist.addWhiteListEntry(origin, (subdomains != null) && (subdomains.compareToIgnoreCase("true") == 0));
} }
} }
} }
}
else if (strNode.equals("preference")) { else if (strNode.equals("preference")) {
String name = xml.getAttributeValue(null, "name").toLowerCase(Locale.ENGLISH); String name = xml.getAttributeValue(null, "name").toLowerCase(Locale.ENGLISH);
String value = xml.getAttributeValue(null, "value"); String value = xml.getAttributeValue(null, "value");