NiklasMerz commented on code in PR #1319: URL: https://github.com/apache/cordova-docs/pull/1319#discussion_r1211810532
########## www/docs/en/dev/guide/platforms/ios/plugin.md: ########## @@ -260,8 +260,8 @@ For JavaScript, you can attach Safari to the app running within the iOS Simulato - Don't forget to add your plugin's mapping to `config.xml`. If you forget, an error is logged in the Xcode console. -- Don't forget to add any hosts you connect to in the whitelist, as - described in Domain [Whitelist Guide](../../appdev/whitelist/index.html). If you forget, an error is +- Don't forget to add any hosts you connect to in the allo list, as Review Comment: ```suggestion - Don't forget to add any hosts you connect to in the allow list, as ``` ########## www/docs/en/dev/guide/appdev/security/index.md: ########## @@ -42,7 +42,7 @@ By default the app's navigation is unrestricted. It's recommended to restrict th ## Iframes and the Callback Id Mechanism -If content is served in an iframe from a whitelisted domain, that domain will have access to the native Cordova bridge. This means that if you whitelist a third-party advertising network and serve those ads through an iframe, it is possible that a malicious ad will be able to break out of the iframe and perform malicious actions. Because of this, you should generally not use iframes unless you control the server that hosts the iframe content. Also note that there are third party plugins available to support advertising networks. Note that this statement is not true for iOS, which intercepts everything including iframe connections. +If content is served in an iframe from a allow listed domain, that domain will have access to the native Cordova bridge. This means that if you allowed a third-party advertising network and serve those ads through an iframe, it is possible that a malicious ad will be able to break out of the iframe and perform malicious actions. Because of this, you should generally not use iframes unless you control the server that hosts the iframe content. Also note that there are third party plugins available to support advertising networks. Note that this statement is not true for iOS, which intercepts everything including iframe connections. Review Comment: ```suggestion If content is served in an iframe from a allow listed domain, that domain will have access to the native Cordova bridge. This means that if you allowe a third-party advertising network and serve those ads through an iframe, it is possible that a malicious ad will be able to break out of the iframe and perform malicious actions. Because of this, you should generally not use iframes unless you control the server that hosts the iframe content. Also note that there are third party plugins available to support advertising networks. Note that this statement is not true for iOS, which intercepts everything including iframe connections. ``` ########## www/docs/en/dev/guide/platforms/android/index.md: ########## @@ -31,19 +31,119 @@ Regardless of whether you intend to utilize Android-specific command-line tools The supported [Android API Levels](https://developer.android.com/guide/topics/manifest/uses-sdk-element#ApiLevels) (versions of Android) corresponding with the Cordova-Android released versions are listed in the table below: -cordova-android Version | Supported Android API-Levels | Equivalent Android Version -------------------------|------------------------------|----------------------------- -12.X.X | 24 - 33 | 7.0 - 13.0.0 -11.X.X | 22 - 32 | 5.1 - 12.0.0 (L) -10.X.X | 22 - 30 | 5.1 - 11.0.0 -9.X.X | 22 - 29 | 5.1 - 10.0.0 -8.X.X | 19 - 28 | 4.4 - 9.0.0 -7.X.X | 19 - 27 | 4.4 - 8.1 -6.X.X | 16 - 26 | 4.1 - 8.0.0 -5.X.X | 14 - 23 | 4.0 - 6.0.1 -4.1.X | 14 - 22 | 4.0 - 5.1 -4.0.X | 10 - 22 | 2.3.3 - 5.1 -3.7.X | 10 - 21 | 2.3.3 - 5.0.2 +<table> + <thead> + <tr> + <th>cordova-android Version</th> + <th>Android API-Levels (Android Version)</th> Review Comment: Why replace the md table with a HTML table? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
