[jira] [Commented] (CB-14048) Inappbrowser allowedSchemes doesn't check empty string

Sat, 19 May 2018 04:50:27 -0700 

    [ 
https://issues.apache.org/jira/browse/CB-14048?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16481591#comment-16481591
 ] 

ASF subversion and git services commented on CB-14048:
------------------------------------------------------

Commit 33aff11f45336ac2e9e2d17604ff85fe0e60973b in 
cordova-plugin-inappbrowser's branch refs/heads/master from [~jcesarmobile]
[ 
https://gitbox.apache.org/repos/asf?p=cordova-plugin-inappbrowser.git;h=33aff11 
]

Merge pull request #268 from wtrocki/CB-14048

CB-14048: (android) allowedSchemes check empty string fix

> Inappbrowser allowedSchemes doesn't check empty string
> ------------------------------------------------------
>
>                 Key: CB-14048
>                 URL: https://issues.apache.org/jira/browse/CB-14048
>             Project: Apache Cordova
>          Issue Type: Bug
>          Components: cordova-plugin-inappbrowser
>            Reporter: Reed Richards
>            Priority: Minor
>
> The new AllowSchemes introduced with [email protected] doesn't check if  
> _AllowSchemes_ contains  empty string after having being loaded, respectively 
> only if _null_, which could lead to error in case a custom scheme is use but 
> not set as white listed schema 
> What I mean is that, if no _preference_ would be set in _config.xml_ but a 
> custom scheme would be used (my case) then the variable _allowSchemes_ won't 
> be _null_ but will contains an _empty string_
>  
> In InAppBrowser.java
>  
> {code:java}
> else if (!url.startsWith("http:") && !url.startsWith("https:") && 
> url.matches("^[a-z]*://.*?$")) {
>     if (allowedSchemes == null) {
>         String allowed = preferences.getString("AllowedSchemes", "");
>         allowedSchemes = allowed.split(",");
>     }
>     if (allowedSchemes != null) { // <------- If  preference AllowedSchemes 
> is not specified, variable allowedSchemes not gonna be null but an array 
> containing an empty string
>        for (String scheme : allowedSchemes) { 
>            if (url.startsWith(scheme)) { 
>               if (url.startsWith(scheme)) { // <------ which leads to the 
> problem "urlidontwanttowhilelist://".startsWith("") == true{code}
>   
> I would like to improve this check for example like following
>  
> {code:java}
> if (url.startsWith(scheme) && !"".equals(scheme)) {
> {code}
>  
>  Thx in advance for the improvement
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to