[
https://issues.apache.org/jira/browse/CB-10709?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15358035#comment-15358035
]
Shazron Abdullah commented on CB-10709:
---------------------------------------
Unless they are non-http(s) (say data urls, embedding a HTML page for example)
as the Android Quirk says in the README
https://github.com/apache/cordova-plugin-whitelist
> Allow-navigation rule for iFrame urls on cordova-ios
> ----------------------------------------------------
>
> Key: CB-10709
> URL: https://issues.apache.org/jira/browse/CB-10709
> Project: Apache Cordova
> Issue Type: Bug
> Components: iOS
> Affects Versions: 6.0.0
> Reporter: Harsha Kiran
> Assignee: Shazron Abdullah
> Labels: cordova-ios-4.1.1, triaged
>
> Currently with Whitelist plugin set to <allow-navigation="*://domain.com/*">
> doesn't allow navigation to other domains including urls embedded using
> iframe on iOS.
> EG: If I tried to embed a youtube video using iframe tag with only this rule
> <allow-navigation="*://domain.com/*">, it doesn't allow loading of the video
> in iframe as youtube.com is not listed in allowed domains.
> If we add <allow-navigation="*://youtube.com/*"> it allows the loading of
> iframe but will also allow navigation to youtube.com using Javascript i.e
> window.open('http://youtube.com').
> With current implementation in cordova-ios, I'm not sure if there is any
> solution to allow a domain navigation in iframe and not allow navigation to
> that domain using other methods like javascript.
> Android ignores the allow-navigation rule for iframe loaded urls, so iOS
> should be modified to behave the same?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
