[
https://issues.apache.org/jira/browse/CB-2179?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14003838#comment-14003838
]
Mike Billau commented on CB-2179:
---------------------------------
Added a new Security guide, documented that they should use InAppBrowser for
any and all third party content and explained that otherwise, those third party
pages will have access to the bridge.
https://git-wip-us.apache.org/repos/asf?p=cordova-docs.git;a=commit;h=7e6d5b9bc51c5249f20f7c3f2493923d609c7418
> Warn developers about including third-party content in their apps.
> ------------------------------------------------------------------
>
> Key: CB-2179
> URL: https://issues.apache.org/jira/browse/CB-2179
> Project: Apache Cordova
> Issue Type: Bug
> Components: Docs
> Affects Versions: 2.4.0, 2.5.0, 2.6.0
> Reporter: Andrew Grieve
> Assignee: Andrew Grieve
> Priority: Minor
> Fix For: 3.5.0
>
>
> We expose our native APIs to iframes as well as top-level content, so we
> should warn against using iframes for third-party code.
> Might make sense to change "Domain Whitelist Guide" -> "Security & Whitelist
> Guide" and then add a section to it about the dangers of embedding untrusted
> content.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
