Personally I think the whitelist is pretty useless... On 11/1/12 7:32 PM, "Ken Wallis" <kwal...@rim.com> wrote:
>Not sure why the BlackBerry version white lists everything. We don't do >that in WebWorks ;) > > > >From: Steven Gill >To: dev@cordova.apache.org >Reply To: dev@cordova.apache.org >Re: Whitelist defaults >2012-11-01 10:30:42 PM > > > >+1 to point it out in the getting started guides. >On Nov 1, 2012 6:35 PM, "Marcel Kinard" wrote: > >> Also sounds like a good step/topic in the "getting started" guides. >> >> -- Marcel Kinard >> >> On 11/1/2012 8:36 PM, Dave Johnson wrote: >> >>> Yup agree it should whitelist nothing but it also needs to be very >>>clear >>> in >>> the log when we block a request that it's due to the whitelist. >>> >>> On Thursday, November 1, 2012, Shazron wrote: >>> >>> I concur with Kevin. It won't be much of a whitelist if no one uses it >>>> -- I >>>> would argue that if you set it to "*" by default, no dev will >>>>(usually) >>>> change that, especially if they don't know there is a whitelist in the >>>> first place. >>>> >>>> >>>> On Thu, Nov 1, 2012 at 4:48 PM, Kevin Hawkins < >>>> kevin.hawkins.cordova@gmail.**com > wrote: >>>> >>>> From a security perspective, I'm partial to the iOS (nothing) default, >>>>> recognizing of course that there are certain usability drawbacks to >>>>>that >>>>> approach. >>>>> >>>>> On Thu, Nov 1, 2012 at 4:34 PM, Filip Maj > >>>>> >>>> wrote: >>>> >>>>> Quick q: how come Android + BB's whitelists by default whitelist >>>>>> everything (*), but iOS does the opposite (whitelist nothing)? >>>>>> >>>>>> I'd like to see this unified across all platforms we support. >>>>>> >>>>>> >>>>>> >> > >--------------------------------------------------------------------- >This transmission (including any attachments) may contain confidential >information, privileged material (including material protected by the >solicitor-client or other applicable privileges), or constitute >non-public information. Any use of this information by anyone other than >the intended recipient is prohibited. If you have received this >transmission in error, please immediately reply to the sender and delete >this information from your system. Use, dissemination, distribution, or >reproduction of this transmission by unintended recipients is not >authorized and may be unlawful.