diff --git a/framework/src/org/apache/cordova/Config.java b/framework/src/org/apache/cordova/Config.java index dfb039d8..c13d3972 100644 --- a/framework/src/org/apache/cordova/Config.java +++ b/framework/src/org/apache/cordova/Config.java @@ -22,6 +22,7 @@ package org.apache.cordova; import android.app.Activity; import android.util.Log; +@Deprecated // Use Whitelist, CordovaPrefences, etc. directly. public class Config { private static final String TAG = "Config"; @@ -82,4 +83,8 @@ public class Config { public static String getErrorUrl() { return parser.getPreferences().getString("errorurl", null); } + + public static Whitelist getWhitelist() { + return parser.getWhitelist(); + } } diff --git a/framework/src/org/apache/cordova/CordovaActivity.java b/framework/src/org/apache/cordova/CordovaActivity.java index d3cc9c65..0d079576 100755 --- a/framework/src/org/apache/cordova/CordovaActivity.java +++ b/framework/src/org/apache/cordova/CordovaActivity.java @@ -227,7 +227,7 @@ public class CordovaActivity extends Activity implements CordovaInterface { } appView = makeWebView(); - appView.init(this, makeWebViewClient(appView), makeChromeClient(appView), pluginEntries); + appView.init(this, makeWebViewClient(appView), makeChromeClient(appView), pluginEntries, whitelist); // TODO: Have the views set this themselves. if (preferences.getBoolean("DisallowOverscroll", false)) { @@ -844,8 +844,9 @@ public class CordovaActivity extends Activity implements CordovaInterface { /** * Determine if URL is in approved list of URLs to load. */ + @Deprecated // Use whitelist object directly. public boolean isUrlWhiteListed(String url) { - return Config.isUrlWhiteListed(url); + return whitelist.isUrlWhiteListed(url); } /* diff --git a/framework/src/org/apache/cordova/CordovaChromeClient.java b/framework/src/org/apache/cordova/CordovaChromeClient.java index 0337098b..cebabba2 100755 --- a/framework/src/org/apache/cordova/CordovaChromeClient.java +++ b/framework/src/org/apache/cordova/CordovaChromeClient.java @@ -240,11 +240,10 @@ public class CordovaChromeClient extends WebChromeClient { } else if (defaultValue != null && defaultValue.startsWith("gap_init:")) { - String startUrl = Config.getStartUrl(); // Protect against random iframes being able to talk through the bridge. // Trust only file URLs and the start URL's domain. // The extra origin.startsWith("http") is to protect against iframes with data: having "" as origin. - if (origin.startsWith("file:") || (origin.startsWith("http") && startUrl.startsWith(origin))) { + if (origin.startsWith("file:") || (origin.startsWith("http") && appView.loadedUrl.startsWith(origin))) { // Enable the bridge int bridgeMode = Integer.parseInt(defaultValue.substring(9)); appView.jsMessageQueue.setBridgeMode(bridgeMode); diff --git a/framework/src/org/apache/cordova/CordovaUriHelper.java b/framework/src/org/apache/cordova/CordovaUriHelper.java index a6a0dcc9..f189f1ce 100644 --- a/framework/src/org/apache/cordova/CordovaUriHelper.java +++ b/framework/src/org/apache/cordova/CordovaUriHelper.java @@ -49,7 +49,7 @@ class CordovaUriHelper { if(url.startsWith("http:") || url.startsWith("https:")) { // We only need to whitelist sites on the Internet! - if(Config.isUrlWhiteListed(url)) + if(appView.getWhitelist().isUrlWhiteListed(url)) { return false; } diff --git a/framework/src/org/apache/cordova/CordovaWebView.java b/framework/src/org/apache/cordova/CordovaWebView.java index 4650588a..fb442cc8 100755 --- a/framework/src/org/apache/cordova/CordovaWebView.java +++ b/framework/src/org/apache/cordova/CordovaWebView.java @@ -26,12 +26,6 @@ import java.util.HashSet; import java.util.List; import java.util.Locale; -import org.apache.cordova.Config; -import org.apache.cordova.CordovaInterface; -import org.apache.cordova.LOG; -import org.apache.cordova.PluginManager; -import org.apache.cordova.PluginResult; - import android.annotation.SuppressLint; import android.annotation.TargetApi; import android.content.BroadcastReceiver; @@ -80,11 +74,8 @@ public class CordovaWebView extends WebView { /** Activities and other important classes **/ private CordovaInterface cordova; CordovaWebViewClient viewClient; - @SuppressWarnings("unused") private CordovaChromeClient chromeClient; - private String url; - // Flag to track that a loadUrl timeout occurred int loadUrlTimeout = 0; @@ -97,9 +88,10 @@ public class CordovaWebView extends WebView { private View mCustomView; private WebChromeClient.CustomViewCallback mCustomViewCallback; - private ActivityResult mResult = null; - private CordovaResourceApi resourceApi; + private Whitelist whitelist; + // The URL passed to loadUrl(), not necessarily the URL of the current page. + String loadedUrl; class ActivityResult { @@ -142,13 +134,15 @@ public class CordovaWebView extends WebView { } // Use two-phase init so that the control will work with XML layouts. - public void init(CordovaInterface cordova, CordovaWebViewClient webViewClient, CordovaChromeClient webChromeClient, List pluginEntries) { + public void init(CordovaInterface cordova, CordovaWebViewClient webViewClient, CordovaChromeClient webChromeClient, + List pluginEntries, Whitelist whitelist) { if (this.cordova != null) { throw new IllegalStateException(); } this.cordova = cordova; this.viewClient = webViewClient; this.chromeClient = webChromeClient; + this.whitelist = whitelist; super.setWebChromeClient(webChromeClient); super.setWebViewClient(webViewClient); @@ -310,6 +304,11 @@ public class CordovaWebView extends WebView { return this.chromeClient; } + + public Whitelist getWhitelist() { + return this.whitelist; + } + /** * Load the url into the webview. * @@ -357,7 +356,7 @@ public class CordovaWebView extends WebView { LOG.d(TAG, ">>> loadUrl(" + url + ")"); if (recreatePlugins) { - this.url = url; + this.loadedUrl = url; this.pluginManager.init(); } @@ -413,7 +412,7 @@ public class CordovaWebView extends WebView { if (LOG.isLoggable(LOG.DEBUG) && !url.startsWith("javascript:")) { LOG.d(TAG, ">>> loadUrlNow()"); } - if (url.startsWith("file://") || url.startsWith("javascript:") || Config.isUrlWhiteListed(url)) { + if (url.startsWith("file://") || url.startsWith("javascript:") || whitelist.isUrlWhiteListed(url)) { super.loadUrl(url); } } @@ -549,7 +548,7 @@ public class CordovaWebView extends WebView { if (!openExternal) { // Make sure url is in whitelist - if (url.startsWith("file://") || Config.isUrlWhiteListed(url)) { + if (url.startsWith("file://") || whitelist.isUrlWhiteListed(url)) { // TODO: What about params? // Load new URL this.loadUrl(url); @@ -897,8 +896,8 @@ public class CordovaWebView extends WebView { return myList; } + @Deprecated // This never did anything public void storeResult(int requestCode, int resultCode, Intent intent) { - mResult = new ActivityResult(requestCode, resultCode, intent); } public CordovaResourceApi getResourceApi() { diff --git a/framework/src/org/apache/cordova/IceCreamCordovaWebViewClient.java b/framework/src/org/apache/cordova/IceCreamCordovaWebViewClient.java index 67793d73..27bb5ef8 100644 --- a/framework/src/org/apache/cordova/IceCreamCordovaWebViewClient.java +++ b/framework/src/org/apache/cordova/IceCreamCordovaWebViewClient.java @@ -77,7 +77,7 @@ public class IceCreamCordovaWebViewClient extends CordovaWebViewClient { } private boolean isUrlHarmful(String url) { - return ((url.startsWith("http:") || url.startsWith("https:")) && !Config.isUrlWhiteListed(url)) + return ((url.startsWith("http:") || url.startsWith("https:")) && !appView.getWhitelist().isUrlWhiteListed(url)) || url.contains("app_webview"); }