[ https://issues.apache.org/jira/browse/CB-2099?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13782085#comment-13782085 ]
Mike Sierra edited comment on CB-2099 at 9/30/13 6:32 PM: ---------------------------------------------------------- OK; I noted the risk of script injection exploits. But separately from this bug, I also need to clarify in Whitelist doc under what circumstances navigation to a link (a) is delegated to the default browser rather than (b) suppressed altogether. Current doc implies (b). was (Author: sierra): OK; I noted the risk of script injection exploits. But separately from this bug, I also need to clarify in Whitelist doc under what circumstances navigation to a link (a) is deferred to the default browser rather than (b) suppressed altogether. Current doc implies (b). > Android whitelisting only blocks documents, not resources > --------------------------------------------------------- > > Key: CB-2099 > URL: https://issues.apache.org/jira/browse/CB-2099 > Project: Apache Cordova > Issue Type: Bug > Components: Android > Affects Versions: 2.2.0 > Reporter: manjula fernando > Assignee: Mike Sierra > > The Domain Whitelisting in Android works only for the href links, but not for > the embedded resources (images, javascripts). If link is not whitelisted it > gets opened in a new instance of native browser rather than blocking it > completely. But in iOS it blocks all non-whitelisted domains. Please let me > know whether this is the expected behavior in whitelisting for Android?. If > so, has this been identified as a known issue and planning to be fixed in > future release? Appreciate your early response on this. -- This message was sent by Atlassian JIRA (v6.1#6144)