Github user clelland commented on a diff in the pull request:
https://github.com/apache/cordova-android/pull/132#discussion_r19553788
--- Diff: framework/src/org/apache/cordova/AndroidWebView.java ---
@@ -354,7 +349,9 @@ private void loadUrlNow(String url) {
if (LOG.isLoggable(LOG.DEBUG) && !url.startsWith("javascript:")) {
LOG.d(TAG, ">>> loadUrlNow()");
}
- if (url.startsWith("file://") || url.startsWith("javascript:") ||
internalWhitelist.isUrlWhiteListed(url)) {
+ Boolean shouldAllowNavigation =
pluginManager.shouldAllowNavigation(url);
+ if (url.startsWith("file://") || url.startsWith("javascript:") ||
--- End diff --
The only question I see here is what to do when the plugins return `false`.
On `true`: Allow the page to load
On `null`: Allow `file` and `javascript` pages to load
On `false`: ?
I can disallow `file` urls in that case (which is probably a good idea;
otherwise, how do you ever block them?) But what about `javascript:`? Should we
always allow that? Is it part of the bridge mechanism that could never ever be
dropped?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
