[
https://issues.apache.org/jira/browse/CB-2099?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13641583#comment-13641583
]
VERGNES Denis commented on CB-2099:
-----------------------------------
Concerning this bug, I need your insights. In my application, I am loading some
images from Facebook and others websites. Before the patch to fix this issue I
can load them without trouble but now I can't. For sure you can argue I can add
domains of others websites inside my white list to make it work again. The
thing is I don't want my application becomes dependent from the way other
websites deploy their images because currently every time they decide to change
the domain to server their images then I have to update my application which is
not so convenient.
For sure I can override the shouldInterceptUrl and remove the check you have
added but then what will be the impact on the security? Do you have any advice
to resolve my problem?
> Android whitelisting only blocks documents, not resources
> ---------------------------------------------------------
>
> Key: CB-2099
> URL: https://issues.apache.org/jira/browse/CB-2099
> Project: Apache Cordova
> Issue Type: Bug
> Components: Android
> Affects Versions: 2.2.0
> Reporter: manjula fernando
> Assignee: Joe Bowser
>
> The Domain Whitelisting in Android works only for the href links, but not for
> the embedded resources (images, javascripts). If link is not whitelisted it
> gets opened in a new instance of native browser rather than blocking it
> completely. But in iOS it blocks all non-whitelisted domains. Please let me
> know whether this is the expected behavior in whitelisting for Android?. If
> so, has this been identified as a known issue and planning to be fixed in
> future release? Appreciate your early response on this.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
