CB-7291: Only add file, content and data URLs to internal whitelist
Project: http://git-wip-us.apache.org/repos/asf/cordova-amazon-fireos/repo Commit: http://git-wip-us.apache.org/repos/asf/cordova-amazon-fireos/commit/8afa753c Tree: http://git-wip-us.apache.org/repos/asf/cordova-amazon-fireos/tree/8afa753c Diff: http://git-wip-us.apache.org/repos/asf/cordova-amazon-fireos/diff/8afa753c Branch: refs/heads/master Commit: 8afa753c64c980c630988e55ce79a48bc88e17c7 Parents: c8b00ec Author: Ian Clelland <[email protected]> Authored: Thu Aug 21 16:10:32 2014 -0400 Committer: Archana Naik <[email protected]> Committed: Thu Aug 28 11:11:56 2014 -0700 ---------------------------------------------------------------------- framework/src/org/apache/cordova/ConfigXmlParser.java | 5 +++++ framework/src/org/apache/cordova/Whitelist.java | 4 ---- 2 files changed, 5 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cordova-amazon-fireos/blob/8afa753c/framework/src/org/apache/cordova/ConfigXmlParser.java ---------------------------------------------------------------------- diff --git a/framework/src/org/apache/cordova/ConfigXmlParser.java b/framework/src/org/apache/cordova/ConfigXmlParser.java index a5958ef..57cf222 100644 --- a/framework/src/org/apache/cordova/ConfigXmlParser.java +++ b/framework/src/org/apache/cordova/ConfigXmlParser.java @@ -77,6 +77,11 @@ public class ConfigXmlParser { boolean insideFeature = false; ArrayList<String> urlMap = null; + // Add implicitly allowed URLs + internalWhitelist.addWhiteListEntry("file:///*", false); + internalWhitelist.addWhiteListEntry("content:///*", false); + internalWhitelist.addWhiteListEntry("data:*", false); + while (eventType != XmlResourceParser.END_DOCUMENT) { if (eventType == XmlResourceParser.START_TAG) { String strNode = xml.getName(); http://git-wip-us.apache.org/repos/asf/cordova-amazon-fireos/blob/8afa753c/framework/src/org/apache/cordova/Whitelist.java ---------------------------------------------------------------------- diff --git a/framework/src/org/apache/cordova/Whitelist.java b/framework/src/org/apache/cordova/Whitelist.java index 5101ec3..d0f823c 100644 --- a/framework/src/org/apache/cordova/Whitelist.java +++ b/framework/src/org/apache/cordova/Whitelist.java @@ -98,10 +98,6 @@ public class Whitelist { public Whitelist() { this.whiteList = new ArrayList<URLPattern>(); - // Add implicitly allowed URLs - addWhiteListEntry("file:///*", false); - addWhiteListEntry("content:///*", false); - addWhiteListEntry("data:*", false); } /* Match patterns (from http://developer.chrome.com/extensions/match_patterns.html)
