CB-7291: Only add file, content and data URLs to internal whitelist

Project: http://git-wip-us.apache.org/repos/asf/cordova-amazon-fireos/repo
Commit: 
http://git-wip-us.apache.org/repos/asf/cordova-amazon-fireos/commit/8afa753c
Tree: http://git-wip-us.apache.org/repos/asf/cordova-amazon-fireos/tree/8afa753c
Diff: http://git-wip-us.apache.org/repos/asf/cordova-amazon-fireos/diff/8afa753c

Branch: refs/heads/master
Commit: 8afa753c64c980c630988e55ce79a48bc88e17c7
Parents: c8b00ec
Author: Ian Clelland <[email protected]>
Authored: Thu Aug 21 16:10:32 2014 -0400
Committer: Archana Naik <[email protected]>
Committed: Thu Aug 28 11:11:56 2014 -0700

----------------------------------------------------------------------
 framework/src/org/apache/cordova/ConfigXmlParser.java | 5 +++++
 framework/src/org/apache/cordova/Whitelist.java       | 4 ----
 2 files changed, 5 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cordova-amazon-fireos/blob/8afa753c/framework/src/org/apache/cordova/ConfigXmlParser.java
----------------------------------------------------------------------
diff --git a/framework/src/org/apache/cordova/ConfigXmlParser.java 
b/framework/src/org/apache/cordova/ConfigXmlParser.java
index a5958ef..57cf222 100644
--- a/framework/src/org/apache/cordova/ConfigXmlParser.java
+++ b/framework/src/org/apache/cordova/ConfigXmlParser.java
@@ -77,6 +77,11 @@ public class ConfigXmlParser {
         boolean insideFeature = false;
         ArrayList<String> urlMap = null;
 
+        // Add implicitly allowed URLs
+        internalWhitelist.addWhiteListEntry("file:///*", false);
+        internalWhitelist.addWhiteListEntry("content:///*", false);
+        internalWhitelist.addWhiteListEntry("data:*", false);
+
         while (eventType != XmlResourceParser.END_DOCUMENT) {
             if (eventType == XmlResourceParser.START_TAG) {
                 String strNode = xml.getName();

http://git-wip-us.apache.org/repos/asf/cordova-amazon-fireos/blob/8afa753c/framework/src/org/apache/cordova/Whitelist.java
----------------------------------------------------------------------
diff --git a/framework/src/org/apache/cordova/Whitelist.java 
b/framework/src/org/apache/cordova/Whitelist.java
index 5101ec3..d0f823c 100644
--- a/framework/src/org/apache/cordova/Whitelist.java
+++ b/framework/src/org/apache/cordova/Whitelist.java
@@ -98,10 +98,6 @@ public class Whitelist {
 
     public Whitelist() {
         this.whiteList = new ArrayList<URLPattern>();
-        // Add implicitly allowed URLs
-        addWhiteListEntry("file:///*", false);
-        addWhiteListEntry("content:///*", false);
-        addWhiteListEntry("data:*", false);
     }
 
     /* Match patterns (from 
http://developer.chrome.com/extensions/match_patterns.html)

Reply via email to