From a8bec4ec9c5702fd2fd00843dd3e4f5aafec0f76 Mon Sep 17 00:00:00 2001 From: Ian Clelland Date: Wed, 11 Feb 2015 16:19:54 -0500 Subject: [PATCH] Remove redundant whitelist checks --- framework/src/org/apache/cordova/CordovaActivity.java | 5 +---- framework/src/org/apache/cordova/CordovaBridge.java | 3 --- 2 files changed, 1 insertion(+), 7 deletions(-) diff --git a/framework/src/org/apache/cordova/CordovaActivity.java b/framework/src/org/apache/cordova/CordovaActivity.java index 368671d0..bc262a6c 100755 --- a/framework/src/org/apache/cordova/CordovaActivity.java +++ b/framework/src/org/apache/cordova/CordovaActivity.java @@ -351,10 +351,7 @@ public class CordovaActivity extends Activity { // If errorUrl specified, then load it final String errorUrl = preferences.getString("errorUrl", null); CordovaUriHelper helper = new CordovaUriHelper(this.cordovaInterface, appView); - if ((errorUrl != null) && - (!failingUrl.equals(errorUrl)) && - (appView != null && helper.shouldAllowNavigation(errorUrl)) - ) { + if ((errorUrl != null) && (!failingUrl.equals(errorUrl)) && (appView != null)) { // Load URL on UI thread me.runOnUiThread(new Runnable() { public void run() { diff --git a/framework/src/org/apache/cordova/CordovaBridge.java b/framework/src/org/apache/cordova/CordovaBridge.java index f581cf01..a6a97dfb 100644 --- a/framework/src/org/apache/cordova/CordovaBridge.java +++ b/framework/src/org/apache/cordova/CordovaBridge.java @@ -171,11 +171,8 @@ public class CordovaBridge { // Protect against random iframes being able to talk through the bridge. // Trust only file URLs and pages which the app would have been allowed // to navigate to anyway. - // Trust only file URLs and the start URL's domain. - // The extra origin.startsWith("http") is to protect against iframes with data: having "" as origin. if (origin.startsWith("file:") || origin.startsWith(this.appContentUrlPrefix) || - (origin.startsWith("http") && loadedUrl.startsWith(origin)) || helper.shouldAllowNavigation(origin)) { // Enable the bridge int bridgeMode = Integer.parseInt(defaultValue.substring(9));