public/cordova-android
public/cordova-android
9
0
Fork 0
forked from github/cordova-android
Code Pull Requests Activity

Fixed protocol regex bug. Unknown protocol support Added whitelist support for unknown protocols

Browse Source
This commit is contained in:
Shravan Narayan 2013-03-26 00:10:26 -04:00
parent 73c7994cd1
commit f4859444dd
1 changed files with 19 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
framework/src/org/apache/cordova/Config.java
View File

@ -171,7 +171,7 @@ public class Config {
LOG.i("CordovaLog", "Found start page location: %s", src); LOG.i("CordovaLog", "Found start page location: %s", src);
if (src != null) { if (src != null) {
Pattern schemeRegex = Pattern.compile("^[a-z]+://"); Pattern schemeRegex = Pattern.compile("^[a-z-]+://");
Matcher matcher = schemeRegex.matcher(src); Matcher matcher = schemeRegex.matcher(src);
if (matcher.find()) { if (matcher.find()) {
startUrl = src; startUrl = src;
@ -220,19 +220,33 @@ public class Config {
} else { // specific access } else { // specific access
// check if subdomains should be included // check if subdomains should be included
// TODO: we should not add more domains if * has already been added // TODO: we should not add more domains if * has already been added
Pattern schemeRegex = Pattern.compile("^[a-z-]+://");
Matcher matcher = schemeRegex.matcher(origin);
if (subdomains) { if (subdomains) {
// XXX making it stupid friendly for people who forget to include protocol/SSL // Check for http or https protocols
if (origin.startsWith("http")) { if (origin.startsWith("http")) {
this.whiteList.add(Pattern.compile(origin.replaceFirst("https?://", "^https?://(.*\\.)?"))); this.whiteList.add(Pattern.compile(origin.replaceFirst("https?://", "^https?://(.*\\.)?")));
} else { }
// Check for other protocols
else if(matcher.find()){
this.whiteList.add(Pattern.compile("^" + origin.replaceFirst("//", "//(.*\\.)?")));
}
// XXX making it stupid friendly for people who forget to include protocol/SSL
else {
this.whiteList.add(Pattern.compile("^https?://(.*\\.)?" + origin)); this.whiteList.add(Pattern.compile("^https?://(.*\\.)?" + origin));
} }
LOG.d(TAG, "Origin to allow with subdomains: %s", origin); LOG.d(TAG, "Origin to allow with subdomains: %s", origin);
} else { } else {
// XXX making it stupid friendly for people who forget to include protocol/SSL // Check for http or https protocols
if (origin.startsWith("http")) { if (origin.startsWith("http")) {
this.whiteList.add(Pattern.compile(origin.replaceFirst("https?://", "^https?://"))); this.whiteList.add(Pattern.compile(origin.replaceFirst("https?://", "^https?://")));
} else { }
// Check for other protocols
else if(matcher.find()){
this.whiteList.add(Pattern.compile("^" + origin));
}
// XXX making it stupid friendly for people who forget to include protocol/SSL
else {
this.whiteList.add(Pattern.compile("^https?://" + origin)); this.whiteList.add(Pattern.compile("^https?://" + origin));
} }
LOG.d(TAG, "Origin to allow: %s", origin); LOG.d(TAG, "Origin to allow: %s", origin);