The browser allows any intents, but attaches Category.BROWSABLE to the intents, which is supposed to make them safe. We don't restrict the IAB to the network whitelist, so it follows (maybe?) that we wouldn't restrict it to the intent whitelist.
On Fri, Apr 24, 2015 at 6:06 PM, Jesse <[email protected]> wrote: > What does the browser do? That's what the InAppBrowser should do ... > > It may also make sense to allow the host cordova app decide whether or not > to allow it. > Presumably the host app could allow all intents, but not want to extend > that to it's InAppBrowser control, or allow some intents for some domains > ... based on their own logic ... > Ideally, I think this should be a user problem, ie. give the app developer > a chance to intercept the request, and if they don't just perform the > default browser behaviour. > > > > > > @purplecabbage > risingj.com > > On Fri, Apr 24, 2015 at 2:34 PM, Joe Bowser <[email protected]> wrote: > > > Hey > > > > I was looking at CB-8180, and I'm wondering what the correct behaviour > for > > intents being launched from URIs should be for an InAppBrowser. Should > > these have free reign to open whatever, or should they also be bound by > the > > rules of the whitelist? > > > > What do people think? > > > > Joe > > >
