From f111ea56ede97893c899481ee093b6a03504d7e0 Mon Sep 17 00:00:00 2001
From: Anis Kadri <anis.kadri@gmail.com>
Date: Mon, 29 Aug 2011 16:13:02 -0700
Subject: [PATCH] whitelist support

---
 framework/res/xml/phonegap.xml           |  4 ++
 framework/src/com/phonegap/DroidGap.java | 63 ++++++++++++++++++++++--
 2 files changed, 64 insertions(+), 3 deletions(-)
 create mode 100644 framework/res/xml/phonegap.xml

diff --git a/framework/res/xml/phonegap.xml b/framework/res/xml/phonegap.xml
new file mode 100644
index 00000000..5c6a441b
--- /dev/null
+++ b/framework/res/xml/phonegap.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="utf-8"?>
+<phonegap>
+    <access origin="http://127.0.0.1*"/>
+</phonegap>
diff --git a/framework/src/com/phonegap/DroidGap.java b/framework/src/com/phonegap/DroidGap.java
index 0b6b4d50..7dfcd4c8 100755
--- a/framework/src/com/phonegap/DroidGap.java
+++ b/framework/src/com/phonegap/DroidGap.java
@@ -9,6 +9,11 @@ package com.phonegap;
 
 import java.util.HashMap;
 import java.util.Map.Entry;
+import java.util.ArrayList;
+import java.util.regex.Pattern;
+import java.util.regex.Matcher;
+import java.util.Iterator;
+import java.io.IOException;
 
 import org.json.JSONArray;
 import org.json.JSONException;
@@ -23,6 +28,7 @@ import android.content.pm.ApplicationInfo;
 import android.content.pm.PackageManager;
 import android.content.pm.PackageManager.NameNotFoundException;
 import android.content.res.Configuration;
+import android.content.res.XmlResourceParser;
 import android.graphics.Color;
 import android.graphics.Rect;
 import android.media.AudioManager;
@@ -53,6 +59,8 @@ import com.phonegap.api.PhonegapActivity;
 import com.phonegap.api.IPlugin;
 import com.phonegap.api.PluginManager;
 
+import 	org.xmlpull.v1.XmlPullParserException;
+
 /**
  * This class is the main Android activity that represents the PhoneGap
  * application.  It should be extended by the user to load the specific
@@ -127,6 +135,8 @@ public class DroidGap extends PhonegapActivity {
     // The webview for our app
     protected WebView appView;
     protected WebViewClient webViewClient;
+    private ArrayList<Pattern> whiteList = new ArrayList<Pattern>();
+    
 
     protected LinearLayout root;
     public boolean bound = false;
@@ -209,6 +219,7 @@ public class DroidGap extends PhonegapActivity {
         }
         // Setup the hardware volume controls to handle volume control
         setVolumeControlStream(AudioManager.STREAM_MUSIC);
+        loadWhiteList();
     }
     
     /**
@@ -892,9 +903,22 @@ public class DroidGap extends PhonegapActivity {
             // Security check to make sure any requests are coming from the page initially
             // loaded in webview and not another loaded in an iframe.
             boolean reqOk = false;
-            if (url.indexOf(this.ctx.baseUrl) == 0) {
-                reqOk = true;
+            // looking for url in whitelist
+            boolean isUrlWhiteListed = false;
+            Iterator<Pattern> pit = whiteList.iterator();
+            while(pit.hasNext()) {
+              Pattern p = pit.next();
+              Matcher m = p.matcher(url);
+              if(m.find()) {
+                isUrlWhiteListed = true;
+                break;
+              }
             }
+
+            if (url.indexOf(this.ctx.baseUrl) == 0 || isUrlWhiteListed) {
+              reqOk = true;
+            }
+            
             
             // Calling PluginManager.exec() to call a native service using 
             // prompt(this.stringify(args), "gap:"+this.stringify([service, action, callbackId, true]));
@@ -1539,4 +1563,37 @@ public class DroidGap extends PhonegapActivity {
                 oldWidth = width;
             }
     }
-}
\ No newline at end of file
+  private void loadWhiteList() {
+    int id = getResources().getIdentifier("phonegap", "xml", getPackageName());
+    if (id == 0) {
+      Log.i("PhoneGapLog", "whitelist.xml missing. Ignoring...");
+      return;
+    }
+    XmlResourceParser xml = getResources().getXml(id);
+    int eventType = -1;
+    while (eventType != XmlResourceParser.END_DOCUMENT) {
+      if (eventType == XmlResourceParser.START_TAG) {
+        String strNode = xml.getName();
+        if (strNode.equals("access")) {
+          String origin = xml.getAttributeValue(null, "origin");
+          String subdomains = xml.getAttributeValue(null, "subdomains");
+          if(subdomains != null && subdomains.compareToIgnoreCase("true") == 0) {
+            Log.d("PhoneGapLog", "Origin to allow with subdomains: "+origin);
+            whiteList.add(Pattern.compile(origin.replaceFirst("https{0,1}://", "^https{0,1}://.*")));
+          } else {
+            Log.d("PhoneGapLog", "Origin to allow: "+origin);
+            whiteList.add(Pattern.compile(origin.replaceFirst("https{0,1}://", "^https{0,1}://")));
+          }
+        }
+      }
+      try {
+        eventType = xml.next();
+      } catch (XmlPullParserException e) {
+        e.printStackTrace();
+      } catch (IOException e) {
+        e.printStackTrace();
+      }
+    }
+  }
+    
+}