I've tried to explain it in the plugin's readme: https://github.com/apache/cordova-plugins/tree/master/url-policy
Some points for discussion:
- What should the default behaviour be for the three whitelists (what
should happen if not whitelist plugin is installed).
- right now it can't open external URLs
- and can't do XHRs to http(s)
- Is the plugin name decent ("url-policy"). We should make a dedicated git
repo for it (as well as for legacy-whitelist plugin)
