[
https://issues.apache.org/jira/browse/CB-5624?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Joe Bowser resolved CB-5624.
----------------------------
Resolution: Cannot Reproduce
I was wrong. The config.xml overrides any Extras put on the Intent from the
outside. This MIGHT not be the behaviour that we want later, but this is the
secure behaviour that makes our apps not totally insecure.
It's better to panic, create the bug and be wrong than to have a nasty surprise.
> Cordova may not handle intents correctly, may be possible to override
> config.xml with a custom intent
> -----------------------------------------------------------------------------------------------------
>
> Key: CB-5624
> URL: https://issues.apache.org/jira/browse/CB-5624
> Project: Apache Cordova
> Issue Type: Bug
> Components: Android
> Reporter: Joe Bowser
> Assignee: Joe Bowser
> Labels: security
>
> After seeing this absolutely terrible idea:
> http://blog.cttapp.com/p/phonegap-handleopenurl-for-android, it occured to me
> that it may be possible to use Android Intents to force a Cordova app to
> behave in an improper way. We have been looking at deprecating getProperty
> methods for a while, but we may have to refactor the code.
> This is based on a hunch, but if it's possible to change the startUrl on a
> Cordova app just by creating a stupid Android launcher, then there's a pretty
> big problem. :(
--
This message was sent by Atlassian JIRA
(v6.1.4#6159)
