[
https://issues.apache.org/jira/browse/CB-14048?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16481588#comment-16481588
]
ASF GitHub Bot commented on CB-14048:
-------------------------------------
jcesarmobile closed pull request #268: CB-14048: (android) allowedSchemes check
empty string fix
URL: https://github.com/apache/cordova-plugin-inappbrowser/pull/268
This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:
As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):
diff --git a/src/android/InAppBrowser.java b/src/android/InAppBrowser.java
index 9b3388ced..e6309286d 100644
--- a/src/android/InAppBrowser.java
+++ b/src/android/InAppBrowser.java
@@ -1114,8 +1114,10 @@ else if (url.startsWith("sms:")) {
// Test for whitelisted custom scheme names like mycoolapp:// or
twitteroauthresponse:// (Twitter Oauth Response)
else if (!url.startsWith("http:") && !url.startsWith("https:") &&
url.matches("^[a-z]*://.*?$")) {
if (allowedSchemes == null) {
- String allowed = preferences.getString("AllowedSchemes",
"");
- allowedSchemes = allowed.split(",");
+ String allowed = preferences.getString("AllowedSchemes",
null);
+ if(allowed != null) {
+ allowedSchemes = allowed.split(",");
+ }
}
if (allowedSchemes != null) {
for (String scheme : allowedSchemes) {
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
> Inappbrowser allowedSchemes doesn't check empty string
> ------------------------------------------------------
>
> Key: CB-14048
> URL: https://issues.apache.org/jira/browse/CB-14048
> Project: Apache Cordova
> Issue Type: Bug
> Components: cordova-plugin-inappbrowser
> Reporter: Reed Richards
> Priority: Minor
>
> The new AllowSchemes introduced with [email protected] doesn't check if
> _AllowSchemes_ contains empty string after having being loaded, respectively
> only if _null_, which could lead to error in case a custom scheme is use but
> not set as white listed schema
> What I mean is that, if no _preference_ would be set in _config.xml_ but a
> custom scheme would be used (my case) then the variable _allowSchemes_ won't
> be _null_ but will contains an _empty string_
>
> In InAppBrowser.java
>
> {code:java}
> else if (!url.startsWith("http:") && !url.startsWith("https:") &&
> url.matches("^[a-z]*://.*?$")) {
> if (allowedSchemes == null) {
> String allowed = preferences.getString("AllowedSchemes", "");
> allowedSchemes = allowed.split(",");
> }
> if (allowedSchemes != null) { // <------- If preference AllowedSchemes
> is not specified, variable allowedSchemes not gonna be null but an array
> containing an empty string
> for (String scheme : allowedSchemes) {
> if (url.startsWith(scheme)) {
> if (url.startsWith(scheme)) { // <------ which leads to the
> problem "urlidontwanttowhilelist://".startsWith("") == true{code}
>
> I would like to improve this check for example like following
>
> {code:java}
> if (url.startsWith(scheme) && !"".equals(scheme)) {
> {code}
>
> Thx in advance for the improvement
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
