[jira] [Updated] (CB-5624) Cordova may not handle intents correctly, may be possible to override config.xml with a custom intent

Joe Bowser (JIRA) Mon, 09 Dec 2013 17:28:35 -0800

     [ 
https://issues.apache.org/jira/browse/CB-5624?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Joe Bowser updated CB-5624:
---------------------------

    Priority: Major  (was: Blocker)

> Cordova may not handle intents correctly, may be possible to override 
> config.xml with a custom intent
> -----------------------------------------------------------------------------------------------------
>
>                 Key: CB-5624
>                 URL: https://issues.apache.org/jira/browse/CB-5624
>             Project: Apache Cordova
>          Issue Type: Bug
>          Components: Android
>            Reporter: Joe Bowser
>            Assignee: Joe Bowser
>              Labels: security
>
> After seeing this absolutely terrible idea: 
> http://blog.cttapp.com/p/phonegap-handleopenurl-for-android, it occured to me 
> that it may be possible to use Android Intents to force a Cordova app to 
> behave in an improper way.  We have been looking at deprecating getProperty 
> methods for a while, but we may have to refactor the code.
> This is based on a hunch, but if it's possible to change the startUrl on a 
> Cordova app just by creating a stupid Android launcher, then there's a pretty 
> big problem. :(



--
This message was sent by Atlassian JIRA
(v6.1.4#6159)

[jira] [Updated] (CB-5624) Cordova may not handle intents correctly, may be possible to override config.xml with a custom intent

Reply via email to