breautek commented on issue #45: URL: https://github.com/apache/cordova-plugin-whitelist/issues/45#issuecomment-865022362
> Hi @janpio , we are using data: URI to include small piece of data in the HTML page, such as: > > ``` > <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABcAAAAWCAYAAAArdgcFAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JgAAgIQAAPoAAACA6AAAdTAAAOpgAAA6mAAAF3CculE8AAAACXBIWXMAAAsTAAALEwEAmpwYAAABSUlEQVQ4Ee1VPUsDQRB9s3dBRCRNQvCjkDQW/hJ/gb9AOwWDoIXFgYXYXGP+hYW1/gIr7WzsE8VGxZBcwt04dznCJWw2twtWutXMmzdvlrd7t4SZVbvi1ZihZuCFqT9A/B7Qd5FI44RpPcQpE1oC1IsEq5jRBeGyc0zXaV8mvhbyOREurIRMZMZhp0VthYB9mXBi4jrUztIev1bNbKg6CMxvIWwg5GWVDOHNZ7lX6l/wrG+Fzbh/ca1bf9QWBhKtHznobgtjKF92ZBL3TUWpRbK7LhiVCY8kY3xK/iTiexNcEywSXxKBrfHvrdBN2JRsp4BoQ3dbtHLT4K+JqxWw8vr4YDaf+vR+SmXRWw99lT9N96VaypIYtwgoyWyJRtiX3T+X7TXxROcxGeAo5chlyNcBVxrb2JVpTUHsz4IQi/DL6wPucENxqvoDx69PXP8OKn4AAAAASUVORK5CYII=" /> > ``` > > The Data URI is defined in https://tools.ietf.org/html/rfc2397 > > Not sure if cordova-plugin-whitelist supports Data URI? But I do see the "data:" exists in the example of readme: https://github.com/apache/cordova-plugin-whitelist#navigation-whitelist `allow-navigation` is for the top-level frame only, e.g `location.href` which is the loaded documented in the webview. Not for sub-elements that is present inside the document. See https://github.com/apache/cordova-plugin-whitelist#navigation-whitelist For images and other web assets, you probably want want to use [Content Security Policy](https://github.com/apache/cordova-plugin-whitelist#content-security-policy). > According to the whitelist plugin, it only supports Android. I haven't really been involved in `cordova-windows` development whatsoever, so I'm not sure about our Windows platform but most platforms have their own white list (or moving forward, it will be known as allow list, however some platforms may still use white list terminology) implementation built-in. Android platform is one platform that hasn't had it's migration done yet, but I believe there is a PR intended to be included in our next major release for the android platform. Once that is done, this plugin will be completely obsolete and be deprecated accordingly. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
