[ https://issues.apache.org/jira/browse/CB-12770?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16021224#comment-16021224 ]
ASF GitHub Bot commented on CB-12770:
-------------------------------------
GitHub user piotrowski commented on a diff in the pull request:
https://github.com/apache/cordova-docs/pull/703#discussion_r117999300
--- Diff: www/docs/en/dev/guide/appdev/security/index.md ---
@@ -27,69 +27,155 @@ description: Information and tips for building a
secure application.
The following guide includes some security best practices that you should
consider when developing a Cordova application. Please be aware that security
is a very complicated topic and therefore this guide is not exhaustive. If you
believe you can contribute to this guide, please feel free to file an issue in
Cordova's bug tracker under
["Documentation"](https://issues.apache.org/jira/browse/CB/component/12316407).
This guide is designed to be applicable to general Cordova development (all
platforms) but special platform-specific considerations will be noted.
## This guide discusses the following topics:
+
+* General Tips
+* Plugins and Security
+* Content Security Policy
* Whitelist
-* Iframes and the Callback Id Mechanism
* Certificate Pinning
* Self-signed Certificates
+* Wrapping external sites and hot code push
* Encrypted storage
-* General Tips
* Recommended Articles and Other Resources
+## General Tips
+
+### Use InAppBrowser for outside links
+
+Use the InAppBrowser when opening links to any outside website. This is
much safer than whitelisting a domain name and including the content directly
in your application because the InAppBrowser will use the native browser's
security features and will not give the website access to your Cordova
environment. Even if you trust the third party website and include it directly
in your application, that third party website could link to malicious web
content.
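Review bot: In the paragraph under "### Use InAppBrowser for outside links", the closing sentence ("that third party website could link to malicious web content") stops short of the consequence the reader needs. The paragraph already says the InAppBrowser "will not give the website access to your Cordova environment"; suggest finishing the contrast by stating what access directly included content, and whatever it links to, has to that environment. Separately, the topic list drops "Iframes and the Callback Id Mechanism" and moves "General Tips" to the top; please confirm the section bodies later in the file are removed and reordered to match, since only the list is visible in this hunk.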
--- End diff --
Link to InAppBrowser would be great here
> Update guide/appdev/security with up-to-date content
> ----------------------------------------------------
>
> Key: CB-12770
> URL: https://issues.apache.org/jira/browse/CB-12770
> Project: Apache Cordova
> Issue Type: Task
> Components: cordova-docs
> Reporter: Kerri Shotts
> Assignee: Kerri Shotts
> Labels: docs, security
>
> Updating with issues I've commonly seen elsewhere (CSP, wrapping external
> sites, etc.); reordering a bit; removing really old bits.