[ https://issues.apache.org/jira/browse/CB-5624?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Joe Bowser updated CB-5624: --------------------------- Priority: Major (was: Blocker) > Cordova may not handle intents correctly, may be possible to override > config.xml with a custom intent > ----------------------------------------------------------------------------------------------------- > > Key: CB-5624 > URL: https://issues.apache.org/jira/browse/CB-5624 > Project: Apache Cordova > Issue Type: Bug > Components: Android > Reporter: Joe Bowser > Assignee: Joe Bowser > Labels: security > > After seeing this absolutely terrible idea: > http://blog.cttapp.com/p/phonegap-handleopenurl-for-android, it occured to me > that it may be possible to use Android Intents to force a Cordova app to > behave in an improper way. We have been looking at deprecating getProperty > methods for a while, but we may have to refactor the code. > This is based on a hunch, but if it's possible to change the startUrl on a > Cordova app just by creating a stupid Android launcher, then there's a pretty > big problem. :( -- This message was sent by Atlassian JIRA (v6.1.4#6159)