[CB-2099] non-whitelist links may open in browser
Project: http://git-wip-us.apache.org/repos/asf/cordova-docs/repo Commit: http://git-wip-us.apache.org/repos/asf/cordova-docs/commit/2393c939 Tree: http://git-wip-us.apache.org/repos/asf/cordova-docs/tree/2393c939 Diff: http://git-wip-us.apache.org/repos/asf/cordova-docs/diff/2393c939 Branch: refs/heads/master Commit: 2393c9390f2c0e7af474c68783e6322c7d74394b Parents: 0d31cb7 Author: Mike Sierra <[email protected]> Authored: Mon Sep 30 15:03:05 2013 -0400 Committer: Michael Brooks <[email protected]> Committed: Mon Oct 21 14:38:00 2013 -0700 ---------------------------------------------------------------------- docs/en/edge/guide/appdev/whitelist/index.md | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cordova-docs/blob/2393c939/docs/en/edge/guide/appdev/whitelist/index.md ---------------------------------------------------------------------- diff --git a/docs/en/edge/guide/appdev/whitelist/index.md b/docs/en/edge/guide/appdev/whitelist/index.md index 9d1e2e3..30d844e 100644 --- a/docs/en/edge/guide/appdev/whitelist/index.md +++ b/docs/en/edge/guide/appdev/whitelist/index.md @@ -62,7 +62,7 @@ The following examples demonstrate whitelist syntax: ## Android Whitelisting -Platform-soecific whitelisting rules are found in +Platform-specific whitelisting rules are found in `res/xml/config.xml`. __NOTE:__ On Android 2.3 and before, domain whitelisting only works @@ -70,6 +70,10 @@ for `href` hyperlinks, not referenced resources such as images and scripts. Take steps to avoid scripts from being injected into the application. +Navigating to non-whitelisted domains via `href` hyperlink causes the +page to open in the default browser rather than within the +application. (Compare this to iOS's behavior noted below.) + ## iOS Whitelisting The platform's whitelisting rules are found in the named application @@ -80,13 +84,15 @@ than `http://www.apache.org`, default to all of the `http`, `https`, `ftp`, and `ftps` schemes. Wildcards on the iOS platform are more flexible than in the [W3C -Widget Access][1] specification. - -The following accesses all subdomains and top-level domains such as -`.com` and `.net`: +Widget Access][1] specification. For example, the following accesses +all subdomains and top-level domains such as `.com` and `.net`: <access origin="*.google.*" /> +Unlike the Android platform noted above, navigating to non-whitelisted +domains via `href` hyperlink on iOS prevents the page from opening at +all. + ## BlackBerry 10 Whitelisting The whitelisting rules are found in `www/config.xml`.
