[
https://issues.apache.org/jira/browse/CB-5988?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14052096#comment-14052096
]
ASF subversion and git services commented on CB-5988:
-----------------------------------------------------
Commit e2ddbd366fcf7404775669add3c7806bd8ac89e9 in cordova-mobile-spec's branch
refs/heads/master from [~agrieve]
[ https://git-wip-us.apache.org/repos/asf?p=cordova-mobile-spec.git;h=e2ddbd3 ]
CB-5988 Add unit test for android bridge being blocked for data: URLs
> Allow the Android exec() to be used only by <content>'s domain
> --------------------------------------------------------------
>
> Key: CB-5988
> URL: https://issues.apache.org/jira/browse/CB-5988
> Project: Apache Cordova
> Issue Type: Bug
> Components: Android
> Reporter: Andrew Grieve
> Assignee: Andrew Grieve
>
> Discussion: http://markmail.org/thread/yohym3xqomjp4a64
> Add a random number to exec() to increase its security.
> Use the domain of the <content> tag as the only one the native side will
> provide a token to. Both Android and iOS can know the URL of the main frame,
> and choose not to provide a token if the domain doesn't match that of content
> (with file:/// always being allowed).
--
This message was sent by Atlassian JIRA
(v6.2#6252)
