github/cordova-android
github/cordova-android
3
0
Fork 1
mirror of https://github.com/apache/cordova-android.git synced 2025-02-12 10:42:58 +08:00
Code Issues Packages Projects Releases Wiki Activity

Removing addJavascriptInterface support from all Android versions lower than 4.2 due to security vulnerability

Browse Source
This commit is contained in:
Joe Bowser 2014-02-03 10:11:53 -08:00
parent 6760d0378a
commit 8f54290eec
1 changed files with 2 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
framework/src/org/apache/cordova/CordovaWebView.java
View File

@ -361,18 +361,13 @@ public class CordovaWebView extends WebView {
private void exposeJsInterface() { private void exposeJsInterface() {
int SDK_INT = Build.VERSION.SDK_INT; int SDK_INT = Build.VERSION.SDK_INT;
boolean isHoneycomb = (SDK_INT >= Build.VERSION_CODES.HONEYCOMB && SDK_INT <= Build.VERSION_CODES.HONEYCOMB_MR2); if ((SDK_INT < Build.VERSION_CODES.JELLY_BEAN_MR1)) {
if (isHoneycomb || (SDK_INT < Build.VERSION_CODES.GINGERBREAD)) {
Log.i(TAG, "Disabled addJavascriptInterface() bridge since Android version is old."); Log.i(TAG, "Disabled addJavascriptInterface() bridge since Android version is old.");
// Bug being that Java Strings do not get converted to JS strings automatically. // Bug being that Java Strings do not get converted to JS strings automatically.
// This isn't hard to work-around on the JS side, but it's easier to just // This isn't hard to work-around on the JS side, but it's easier to just
// use the prompt bridge instead. // use the prompt bridge instead.
return; return;
} else if (SDK_INT < Build.VERSION_CODES.HONEYCOMB && Build.MANUFACTURER.equals("unknown")) { }
// addJavascriptInterface crashes on the 2.3 emulator.
Log.i(TAG, "Disabled addJavascriptInterface() bridge callback due to a bug on the 2.3 emulator");
return;
}
this.addJavascriptInterface(exposedJsApi, "_cordovaNative"); this.addJavascriptInterface(exposedJsApi, "_cordovaNative");
} }