From 686108484e6a7c1a316d7c6bc869c209c46d27e3 Mon Sep 17 00:00:00 2001
From: Jesse MacFadyen <purplecabbage@gmail.com>
Date: Thu, 28 Feb 2019 14:52:01 -0800
Subject: [PATCH] Prevent malformed callbackId from reaching app cordova view

---
 src/android/InAppChromeClient.java | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/android/InAppChromeClient.java b/src/android/InAppChromeClient.java
index a2145e6..fe5dd34 100644
--- a/src/android/InAppChromeClient.java
+++ b/src/android/InAppChromeClient.java
@@ -104,7 +104,7 @@ public class InAppChromeClient extends WebChromeClient {
             if(defaultValue.startsWith("gap-iab://")) {
                 PluginResult scriptResult;
                 String scriptCallbackId = defaultValue.substring(10);
-                if (scriptCallbackId.startsWith("InAppBrowser")) {
+                if (scriptCallbackId.matches("^InAppBrowser[0-9]{1,10}$")) {
                     if(message == null || message.length() == 0) {
                         scriptResult = new PluginResult(PluginResult.Status.OK, new JSONArray());
                     } else {
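Review bot: The added check calls `String.matches`, which recompiles the regular expression on every prompt it handles, and the `^`/`$` anchors are redundant because `matches` already requires the whole string to match. A precompiled allow-list constant would be cheaper and easier to audit: `private static final Pattern CALLBACK_ID = Pattern.compile("InAppBrowser[0-9]{1,10}");` used as `if (CALLBACK_ID.matcher(scriptCallbackId).matches()) {`, which needs `java.util.regex.Pattern` imported. A one-line comment on the constant should say that the id is taken from the prompt's default value, which presumably is controlled by the loaded page, and that only ids of the shape the plugin issues are forwarded. The enclosing method starts and ends outside this hunk.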
@@ -118,9 +118,14 @@ public class InAppChromeClient extends WebChromeClient {
                     result.confirm("");
                     return true;
                 }
+                else {
+                    // Anything else that doesn't look like InAppBrowser0123456789 should end up here
+                    LOG.w(LOG_TAG, "InAppBrowser callback called with invalid callbackId : "+ scriptCallbackId);
+                    result.cancel();
+                    return true;
+                }
             }
-            else
-            {
+            else {
                 // Anything else with a gap: prefix should get this message
                 LOG.w(LOG_TAG, "InAppBrowser does not support Cordova API calls: " + url + " " + defaultValue); 
                 result.cancel();
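Review bot: The new warning in the inner `else` concatenates the rejected `scriptCallbackId` into the log unmodified, although this is the value that just failed validation, so it can be arbitrarily long or contain line breaks that make log entries misleading. Logging a bounded form or only its size avoids that, for example `LOG.w(LOG_TAG, "InAppBrowser callback called with invalid callbackId (length " + scriptCallbackId.length() + ")");`. The context line in the outer `else` logs `url` and `defaultValue` the same way and would benefit from the same treatment. As a style point, the added `else` sits on its own line while this same commit moves the outer one to `else {`. The method body continues past the end of the hunk.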