[
https://issues.apache.org/jira/browse/CB-11270?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15406722#comment-15406722
]
ASF GitHub Bot commented on CB-11270:
-------------------------------------
Github user shazron commented on a diff in the pull request:
https://github.com/apache/cordova-ios/pull/232#discussion_r73432421
--- Diff:
CordovaLib/Classes/Private/Plugins/CDVIntentAndNavigationFilter/CDVIntentAndNavigationFilter.m
---
@@ -95,23 +95,33 @@ - (CDVIntentAndNavigationFilterValue)
filterUrl:(NSURL*)url
return [[self class] filterUrl:url
intentsWhitelist:self.allowIntentsWhitelist
navigationsWhitelist:self.allowNavigationsWhitelist];
}
-- (BOOL)shouldOverrideLoadWithRequest:(NSURLRequest*)request
navigationType:(UIWebViewNavigationType)navigationType
++ (BOOL)shouldOpenURLRequest:(NSURLRequest*)request
navigationType:(UIWebViewNavigationType)navigationType
+{
+ return (UIWebViewNavigationTypeLinkClicked == navigationType ||
+ (UIWebViewNavigationTypeOther == navigationType &&
+ [[request.mainDocumentURL absoluteString]
isEqualToString:[request.URL absoluteString]]
+ )
+ );
+}
+
++ (BOOL)shouldOverrideLoadWithRequest:(NSURLRequest*)request
navigationType:(UIWebViewNavigationType)navigationType
filterValue:(CDVIntentAndNavigationFilterValue)filterValue
{
NSString* allowIntents_whitelistRejectionFormatString = @"ERROR
External navigation rejected - <allow-intent> not set for url='%@'";
NSString* allowNavigations_whitelistRejectionFormatString = @"ERROR
Internal navigation rejected - <allow-navigation> not set for url='%@'";
NSURL* url = [request URL];
- CDVIntentAndNavigationFilterValue filterValue = [self filterUrl:url];
switch (filterValue) {
case CDVIntentAndNavigationFilterValueNavigationAllowed:
return YES;
case CDVIntentAndNavigationFilterValueIntentAllowed:
- // only allow-intent if it's a
UIWebViewNavigationTypeLinkClicked (anchor tag)
- if (UIWebViewNavigationTypeLinkClicked == navigationType) {
+ // only allow-intent if it's a
UIWebViewNavigationTypeLinkClicked (anchor tag) OR
+ // it's a UIWebViewNavigationTypeOther, and it's an internal
link
+ if ([[self class] shouldOpenURLRequest:request
navigationType:navigationType]){
[[UIApplication sharedApplication] openURL:url];
}
- // consume the request (i.e. no error) if it wasn't a
UIWebViewNavigationTypeLinkClicked
+
--- End diff --
returning NO here signals to the WebView that it should not load the URL
inside itself, so it is correct in this context since we open the url
externally.
> [QUESTION] Is whitelist intent filter working as intended?
> ----------------------------------------------------------
>
> Key: CB-11270
> URL: https://issues.apache.org/jira/browse/CB-11270
> Project: Apache Cordova
> Issue Type: Improvement
> Components: iOS
> Reporter: Tony Homer
> Assignee: Shazron Abdullah
>
> In 3.8.0, given an intent directive like
> {code}
> <allow-intent href="tel:*" />
> {code}
> , interacting with any of the following elements would result in tel:
> requests that would all be allowed:
> {code}
> <a id="tel-button" href="tel:777777777">do tel with a.href</a>
> <a id="tel-a-onclick" onclick="document.location.href='tel:777777777';">do
> tel with a.onclick</a>
> <button id="tel-button" onclick="document.location.href='tel:777777777';">do
> tel with button.onclick</button>
> {code}
> However, in 4.1.1, only the first interaction will be allowed.
> This is because intent directives are only applied to the
> UIWebViewNavigationTypeLinkClicked navigationType (the navigationType for the
> second and third examples is UIWebViewNavigationTypeOther).
> Is this working as intended?
> It seems that either the whitelist intent filter in 4+ is not working as
> intended or, if working as intended, the documentation should be improved to
> spell out this case.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
