[
https://issues.apache.org/jira/browse/CB-2099?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13782085#comment-13782085
]
Mike Sierra commented on CB-2099:
---------------------------------
OK; I noted the risk of script injection exploits.
But separately from this bug, I also need to clarify in Whitelist doc under
what circumstances navigation to a link (a) is deferred to the default browser
rather than (b) suppressed altogether. Current doc implies (b).
> Android whitelisting only blocks documents, not resources
> ---------------------------------------------------------
>
> Key: CB-2099
> URL: https://issues.apache.org/jira/browse/CB-2099
> Project: Apache Cordova
> Issue Type: Bug
> Components: Android
> Affects Versions: 2.2.0
> Reporter: manjula fernando
> Assignee: Mike Sierra
>
> The Domain Whitelisting in Android works only for the href links, but not for
> the embedded resources (images, javascripts). If link is not whitelisted it
> gets opened in a new instance of native browser rather than blocking it
> completely. But in iOS it blocks all non-whitelisted domains. Please let me
> know whether this is the expected behavior in whitelisting for Android?. If
> so, has this been identified as a known issue and planning to be fixed in
> future release? Appreciate your early response on this.
--
This message was sent by Atlassian JIRA
(v6.1#6144)
