[
https://issues.apache.org/jira/browse/CB-5657?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jamal Johnson updated CB-5657:
------------------------------
Description:
If a url has an encoded (or non-encoded) space in it, the URLIsAllowed method
crashes the app because
NSURL URLWithString:[NSString stringWithFormat:@"%@://%@%@",
kCDVDefaultSchemeName, [url host], [url path]]];
returns nil which then crashes on this conditional:
if ([self URLIsAllowed:newUrl logFailure:NO])
I haven't found where exactly the NSURL's path get's decoded, but maybe it's an
issue internal to iOS when creating the NSURL from the NSURLRequest in
CDVURLProtocol.canInitWithRequest? At this point:
NSURL* theUrl = [theRequest URL];
theUrl.path does not have the encoding's in the url (ie. %20's are not present).
We have worked around the issue by encoding the path sent to the URLWithString
method:
NSURL* newUrl = [NSURL URLWithString:[NSString stringWithFormat:@"%@://%@%@",
kCDVDefaultSchemeName, [url host], [[url path]
stringByAddingPercentEscapesUsingEncoding:NSUTF8StringEncoding]]];
newUrl is no longer nil and the app doesn't crash
was:
If a url has an encoded (or non-encoded) space in it, the URLIsAllowed method
crashes the app because
NSURL URLWithString:[NSString stringWithFormat:@"%@://%@%@",
kCDVDefaultSchemeName, [url host], [url path]]];
returns nil which then crashes on this conditional:
if ([self URLIsAllowed:newUrl logFailure:NO])
I haven't found where exactly the NSURL's path get's decoded, but maybe it's an
issue internal to iOS when creating the NSURL from the NSURLRequest in
CDVURLProtocol.canInitWithRequest? At this point:
NSURL* theUrl = [theRequest URL];)
theUrl.path does not have the encoding's in the url (ie. %20's are not present).
We have worked around the issue by encoding the path sent to the URLWithString
method:
NSURL* newUrl = [NSURL URLWithString:[NSString stringWithFormat:@"%@://%@%@",
kCDVDefaultSchemeName, [url host], [[url path]
stringByAddingPercentEscapesUsingEncoding:NSUTF8StringEncoding]]];
newUrl is no longer nil and the app doesn't crash
> CDVWhitelist.URLIsAllowed crashes app if the URL includes (encoded) spaces
> --------------------------------------------------------------------------
>
> Key: CB-5657
> URL: https://issues.apache.org/jira/browse/CB-5657
> Project: Apache Cordova
> Issue Type: Bug
> Components: iOS
> Affects Versions: 3.1.0
> Reporter: Jamal Johnson
>
> If a url has an encoded (or non-encoded) space in it, the URLIsAllowed method
> crashes the app because
> NSURL URLWithString:[NSString stringWithFormat:@"%@://%@%@",
> kCDVDefaultSchemeName, [url host], [url path]]];
> returns nil which then crashes on this conditional:
> if ([self URLIsAllowed:newUrl logFailure:NO])
> I haven't found where exactly the NSURL's path get's decoded, but maybe it's
> an issue internal to iOS when creating the NSURL from the NSURLRequest in
> CDVURLProtocol.canInitWithRequest? At this point:
> NSURL* theUrl = [theRequest URL];
> theUrl.path does not have the encoding's in the url (ie. %20's are not
> present).
> We have worked around the issue by encoding the path sent to the
> URLWithString method:
> NSURL* newUrl = [NSURL URLWithString:[NSString stringWithFormat:@"%@://%@%@",
> kCDVDefaultSchemeName, [url host], [[url path]
> stringByAddingPercentEscapesUsingEncoding:NSUTF8StringEncoding]]];
> newUrl is no longer nil and the app doesn't crash
--
This message was sent by Atlassian JIRA
(v6.1.4#6159)
