Fair enough. How about adding the following option on Android?
allowuniversalaccessfromfile - set to 'yes' to allow JavaScript running in
the context of a file scheme to be allowed to access content from any
origin.
Eg.
window.open('iab.html', '_blank',
'location=no,toolbar=no,allowuniversalaccessfromfile =yes');
On 8/27/13 10:57 AM, "Ian Clelland" <[email protected]> wrote:
>This looks like a direct port of cordova-android commit #07439ff9 to
>InAppBrowser.
>
>The actual setting controls whether file:///* urls are allowed to execute
>JavaScript from any context; it is usually false for browsers (at least
>Chrome) for security reasons. We turn it on for the main Cordova WebView,
>since (presumably) the developer has full control over what URLs can be
>loaded into that space. InAppBrowser is meant to be more like a regular
>browser view, (i.e. no Cordova APIs), so we haven't chosen to open that
>up.
>
>There is probably a good case to be made for allowing this -- certainly
>not
>as the default setting, but as an option that the app can set in specific
>cases when it knows that the IAB is only going to be used for local
>content, and won't be executing arbitrary scripts.
>
>Ian
>
>
>On Mon, Aug 26, 2013 at 10:56 PM, Shazron <[email protected]> wrote:
>
>> I'll let the Android devs comment on this more - seems like an easy
>>patch
>> but the question is more of a policy thing, whether we want it in there
>>at
>> all. If anything, it would be an InAppBrowser option.
>>
>>
>> On Tue, Aug 27, 2013 at 7:02 AM, Sethi, Raman <[email protected]> wrote:
>>
>> > Hi All,
>> >
>> > We ran into this issue with the InAppBrowser with local URLs, happens
>>on
>> > JellyBean only.
>> >
>> >
>> > https://issues.apache.org/jira/browse/CB-4083
>> >
>> >
>> > The fix is suggested in the comments if @Shazron or others can take a
>> > look.
>> >
>> >
>> > So far we have been patching it on our side and would like customers
>>to
>> > use the default Cordova plugin.
>> >
>> > Thanks
>> >
>> > Raman
>> >
>> >
>>
