public/cordova-android
public/cordova-android
9
0
Fork 0
forked from github/cordova-android
Code Pull Requests Activity

CB-7940 Disable exec bridge if bridgeSecret is wrong

Browse Source
This commit is contained in:
Andrew Grieve 2014-11-04 15:57:51 -05:00
parent fc63f66e89
commit 032ea8a8d3
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
framework/src/org/apache/cordova/CordovaBridge.java
View File

@ -99,6 +99,8 @@ public class CordovaBridge {
} }
// Bridge secret wrong and bridge not due to it being from the previous page. // Bridge secret wrong and bridge not due to it being from the previous page.
if (expectedBridgeSecret < 0 || bridgeSecret != expectedBridgeSecret) { if (expectedBridgeSecret < 0 || bridgeSecret != expectedBridgeSecret) {
Log.e(LOG_TAG, "Bridge access attempt with wrong secret token, possibly from malicious code. Disabling exec() bridge!");
clearBridgeSecret();
throw new IllegalAccessException(); throw new IllegalAccessException();
} }
return true; return true;