[CB-4203] need to avoid script injection
Project: http://git-wip-us.apache.org/repos/asf/cordova-docs/repo Commit: http://git-wip-us.apache.org/repos/asf/cordova-docs/commit/824a7899 Tree: http://git-wip-us.apache.org/repos/asf/cordova-docs/tree/824a7899 Diff: http://git-wip-us.apache.org/repos/asf/cordova-docs/diff/824a7899 Branch: refs/heads/master Commit: 824a789934a0c2780d04bbd5289bc6f914ab6197 Parents: 4fa156e Author: Mike Sierra <[email protected]> Authored: Mon Sep 30 14:16:29 2013 -0400 Committer: Michael Brooks <[email protected]> Committed: Mon Oct 21 14:38:00 2013 -0700 ---------------------------------------------------------------------- docs/en/edge/guide/appdev/whitelist/index.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cordova-docs/blob/824a7899/docs/en/edge/guide/appdev/whitelist/index.md ---------------------------------------------------------------------- diff --git a/docs/en/edge/guide/appdev/whitelist/index.md b/docs/en/edge/guide/appdev/whitelist/index.md index 6760d96..ba65234 100644 --- a/docs/en/edge/guide/appdev/whitelist/index.md +++ b/docs/en/edge/guide/appdev/whitelist/index.md @@ -64,8 +64,10 @@ The following examples demonstrate whitelist syntax: Platform-soecific whitelisting rules are found in `res/xml/config.xml`. -For Android versions prior to 3.0, domain whitelisting only works for -`href` hyperlinks, not embedded resources such as images and scripts. +__NOTE:__ On Android 2.3 and before, domain whitelisting only works +for `href` hyperlinks, not referenced resources such as images and +scripts. Take steps to avoid scripts from being injected into the +application. ## iOS Whitelisting
