This looks like a direct port of cordova-android commit #07439ff9 to InAppBrowser.
The actual setting controls whether file:///* urls are allowed to execute JavaScript from any context; it is usually false for browsers (at least Chrome) for security reasons. We turn it on for the main Cordova WebView, since (presumably) the developer has full control over what URLs can be loaded into that space. InAppBrowser is meant to be more like a regular browser view, (i.e. no Cordova APIs), so we haven't chosen to open that up. There is probably a good case to be made for allowing this -- certainly not as the default setting, but as an option that the app can set in specific cases when it knows that the IAB is only going to be used for local content, and won't be executing arbitrary scripts. Ian On Mon, Aug 26, 2013 at 10:56 PM, Shazron <[email protected]> wrote: > I'll let the Android devs comment on this more - seems like an easy patch > but the question is more of a policy thing, whether we want it in there at > all. If anything, it would be an InAppBrowser option. > > > On Tue, Aug 27, 2013 at 7:02 AM, Sethi, Raman <[email protected]> wrote: > > > Hi All, > > > > We ran into this issue with the InAppBrowser with local URLs, happens on > > JellyBean only. > > > > > > https://issues.apache.org/jira/browse/CB-4083 > > > > > > The fix is suggested in the comments if @Shazron or others can take a > > look. > > > > > > So far we have been patching it on our side and would like customers to > > use the default Cordova plugin. > > > > Thanks > > > > Raman > > > > >
