[
https://issues.apache.org/jira/browse/CB-14048?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Reed Richards updated CB-14048:
-------------------------------
Description:
The new AllowSchemes introduced with [email protected] doesn't check if
_AllowSchemes_ is empty after having being loaded, respectively only if _null_,
which could lead to error in case a custom scheme is use but not set as white
listed schema
What I mean is that, if no _preference_ would be set in _config.xml_ but a
custom scheme would be used (my case) then the variable _allowSchemes_ won't be
_null_ but an _empty string_
In InAppBrowser.java
{code:java}
else if (!url.startsWith("http:") && !url.startsWith("https:") &&
url.matches("^[a-z]*://.*?$")) {
if (allowedSchemes == null) {
String allowed = preferences.getString("AllowedSchemes", "");
allowedSchemes = allowed.split(",");
}
if (allowedSchemes != null) { // <------- If preference AllowedSchemes is
not specified, variable allowedSchemes gonna be empty ("") not null
for (String scheme : allowedSchemes) {
if (url.startsWith(scheme)) {
if (url.startsWith(scheme)) { // <------ which leads to the
problem "urlidontwanttowhilelist://".startsWith("") == true{code}
I would like to improve this check for example like following
{code:java}
if (url.startsWith(scheme) && !"".equals(scheme)) {
{code}
Thx in advance for the improvement
was:
The new AllowSchemes introduced with [email protected] doesn't check if
_AllowSchemes_ is empty after having being loaded, respectively only if _null_,
which could lead to error in case a custom scheme is use but not set as white
listed schema
What I mean is that, if no _preference_ would be set in _config.xml_ but a
custom scheme would be used (my case) then the variable _allowSchemes_ won't be
_null_ but an _empty string_
In InAppBrowser.java
{code:java}
else if (!url.startsWith("http:") && !url.startsWith("https:") &&
url.matches("^[a-z]*://.*?$")) {
if (allowedSchemes == null) {
String allowed = preferences.getString("AllowedSchemes", "");
allowedSchemes = allowed.split(",");
}
if (allowedSchemes != null) { // <------- If preference AllowedSchemes is
not specified, variable allowedSchemes gonna be empty ("") not null
for (String scheme : allowedSchemes) {
if (url.startsWith(scheme)) { // <------ which leads to the problem
"urlidontwanttowhilelist://".startsWith("") == true{code}
I would like to improve this check for example like following
{code:java}
if (allowedSchemes != null && !"".equals(allowedSchemes)) {
{code}
Thx in advance for the improvement
> Inappbrowser allowedSchemes doesn't check empty string
> ------------------------------------------------------
>
> Key: CB-14048
> URL: https://issues.apache.org/jira/browse/CB-14048
> Project: Apache Cordova
> Issue Type: Bug
> Components: cordova-plugin-inappbrowser
> Reporter: Reed Richards
> Priority: Minor
>
> The new AllowSchemes introduced with [email protected] doesn't check if
> _AllowSchemes_ is empty after having being loaded, respectively only if
> _null_, which could lead to error in case a custom scheme is use but not set
> as white listed schema
> What I mean is that, if no _preference_ would be set in _config.xml_ but a
> custom scheme would be used (my case) then the variable _allowSchemes_ won't
> be _null_ but an _empty string_
>
> In InAppBrowser.java
>
> {code:java}
> else if (!url.startsWith("http:") && !url.startsWith("https:") &&
> url.matches("^[a-z]*://.*?$")) {
> if (allowedSchemes == null) {
> String allowed = preferences.getString("AllowedSchemes", "");
> allowedSchemes = allowed.split(",");
> }
> if (allowedSchemes != null) { // <------- If preference AllowedSchemes
> is not specified, variable allowedSchemes gonna be empty ("") not null
> for (String scheme : allowedSchemes) {
> if (url.startsWith(scheme)) {
> if (url.startsWith(scheme)) { // <------ which leads to the
> problem "urlidontwanttowhilelist://".startsWith("") == true{code}
>
> I would like to improve this check for example like following
>
> {code:java}
> if (url.startsWith(scheme) && !"".equals(scheme)) {
> {code}
>
> Thx in advance for the improvement
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
