[jira] [Created] (CB-9277) CSP error in processMessage

Wed, 01 Jul 2015 15:50:14 -0700 

Morille Jerome created CB-9277:
----------------------------------

             Summary: CSP error in processMessage
                 Key: CB-9277
                 URL: https://issues.apache.org/jira/browse/CB-9277
             Project: Apache Cordova
          Issue Type: Bug
          Components: Android
    Affects Versions: 3.5.0
         Environment: in  CCA 0.7.1  
with use of the cordova  plugins com.chariotsolutions.nfc.plugin

with just the call of this nfc plugins
  nfc.addNdefListener(onNfcEvent,onSuccess, onFailure );

and passing the nfc tags
            Reporter: Morille Jerome


With CCA 0.7.1 during processing NFC message with the plugins
  <plugin name="com.chariotsolutions.nfc.plugin" spec="^0.6.2"/>

We pass int he method that use evel, that break the CSP constraint in ChromeApp 
Mobile.

in the file 
https://github.com/apache/cordova-android/blob/4bf705a3d39b34400388265381a9975b246e3779/bin/templates/project/assets/www/cordova.js

line 1073 we have the eval that cause the bugs..

// Processes a single message, as encoded by NativeToJsMessageQueue.java.
function processMessage(message) {
    var firstChar = message.charAt(0);
    if (firstChar == 'J') {
        // This is deprecated on the .java side. It doesn't work with CSP 
enabled.
        eval(message.slice(1));
    } else if (firstChar == 'S' || firstChar == 'F') {
        var success = firstChar == 'S';
        var keepCallback = message.charAt(1) == '1';
        var spaceIdx = message.indexOf(' ', 2);
        var status = +message.slice(2, spaceIdx);
        var nextSpaceIdx = message.indexOf(' ', spaceIdx + 1);
        var callbackId = message.slice(spaceIdx + 1, nextSpaceIdx);
        var payloadMessage = message.slice(nextSpaceIdx + 1);
        var payload = [];
        buildPayload(payload, payloadMessage);
        cordova.callbackFromNative(callbackId, success, status, payload, 
keepCallback);
    } else {
        console.log("processMessage failed: invalid message: " + 
JSON.stringify(message));
    }
}


https://github.com/MobileChromeApps/mobile-chrome-apps/issues/584



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to