From fc63f66e8970ab537dda1397a6b58e6d61252c17 Mon Sep 17 00:00:00 2001 From: Ian Clelland Date: Mon, 27 Oct 2014 15:26:38 -0400 Subject: [PATCH] CB-7758: Allow content-url-hosted pages to access the bridge This allows e.g. jsHybugger to create pages with access to Cordova APIs. We restrict access to content provider URLs which are at subdomains of the application itself, ie, begin with "content://com.your.package.id." --- framework/src/org/apache/cordova/CordovaBridge.java | 10 +++++++--- framework/src/org/apache/cordova/CordovaWebView.java | 2 +- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/framework/src/org/apache/cordova/CordovaBridge.java b/framework/src/org/apache/cordova/CordovaBridge.java index c3f10f3b..f3e48b69 100644 --- a/framework/src/org/apache/cordova/CordovaBridge.java +++ b/framework/src/org/apache/cordova/CordovaBridge.java @@ -37,12 +37,14 @@ public class CordovaBridge { private NativeToJsMessageQueue jsMessageQueue; private volatile int expectedBridgeSecret = -1; // written by UI thread, read by JS thread. private String loadedUrl; + private String appContentUrlPrefix; - public CordovaBridge(PluginManager pluginManager, NativeToJsMessageQueue jsMessageQueue) { + public CordovaBridge(PluginManager pluginManager, NativeToJsMessageQueue jsMessageQueue, String packageName) { this.pluginManager = pluginManager; this.jsMessageQueue = jsMessageQueue; + this.appContentUrlPrefix = "content://" + packageName + "."; } - + public String jsExec(int bridgeSecret, String service, String action, String callbackId, String arguments) throws JSONException, IllegalAccessException { if (!verifySecret("exec()", bridgeSecret)) { return null; @@ -165,7 +167,9 @@ public class CordovaBridge { // Protect against random iframes being able to talk through the bridge. // Trust only file URLs and the start URL's domain. // The extra origin.startsWith("http") is to protect against iframes with data: having "" as origin. - if (origin.startsWith("file:") || (origin.startsWith("http") && loadedUrl.startsWith(origin))) { + if (origin.startsWith("file:") || + origin.startsWith(this.appContentUrlPrefix) || + (origin.startsWith("http") && loadedUrl.startsWith(origin))) { // Enable the bridge int bridgeMode = Integer.parseInt(defaultValue.substring(9)); jsMessageQueue.setBridgeMode(bridgeMode); diff --git a/framework/src/org/apache/cordova/CordovaWebView.java b/framework/src/org/apache/cordova/CordovaWebView.java index 862f2ded..0c62b769 100755 --- a/framework/src/org/apache/cordova/CordovaWebView.java +++ b/framework/src/org/apache/cordova/CordovaWebView.java @@ -152,7 +152,7 @@ public class CordovaWebView extends WebView { super.setWebViewClient(webViewClient); pluginManager = new PluginManager(this, this.cordova, pluginEntries); - bridge = new CordovaBridge(pluginManager, new NativeToJsMessageQueue(this, cordova)); + bridge = new CordovaBridge(pluginManager, new NativeToJsMessageQueue(this, cordova), this.cordova.getActivity().getPackageName()); resourceApi = new CordovaResourceApi(this.getContext(), pluginManager); pluginManager.addService("App", "org.apache.cordova.App");