During the 1.4.0 planning call, Anis proposed these requirements: 1. a consistent implementation of the whitelist across all platforms 2. follow the Opera standard (need a url to the docs for this, couldn't find it using the obvious keywords) 3. white-listing should be documented on the docs site (Getting Started section)
I like the Opera standard (see Android implementation here for an example: https://github.com/apache/incubator-cordova-android/blob/master/framework/res/xml/phonegap.xml). The only problem with iOS adopting this is the .plist format does not allow attributes in its xml. Right now the list of allowed hosts is just an array of strings, but to support "attributes" it would have to be an array of dictionaries. I could make this change but this satisfies neither requirements (1) nor (2). Changing the iOS implementation to support a PhoneGap.xml list instead of .plist is another effort entirely, but better now than later - unless we are going to use config.xml. Thoughts?
