https://issues.apache.org/jira/browse/CB-9972
3 pull requests sent for review: 1. https://github.com/apache/cordova-ios/pull/181 2. https://github.com/apache/cordova-plugin-whitelist/pull/16 3. https://github.com/apache/cordova-mobile-spec/pull/133 On Wed, Nov 11, 2015 at 12:44 AM, julio cesar sanchez <jcesarmob...@gmail.com> wrote: > Ahh, missed that, thanks Shazron! > > 2015-11-11 1:39 GMT+01:00 Shazron <shaz...@gmail.com>: > >> This is handled by this: >> >> https://github.com/apache/cordova-ios/tree/master/CordovaLib/Classes/Private/Plugins/CDVSystemSchemes >> >> Doc: >> >> https://github.com/apache/cordova-docs/commit/80906ac23c77f4ce7a5d330b28fba803736c7253 >> >> On Tue, Nov 10, 2015 at 7:41 AM, julio cesar sanchez >> <jcesarmob...@gmail.com> wrote: >> > What about url schemes? I suppose they won't work unless we allow them >> > using the CSP, but, do we have code to handle them? >> > >> > I've been looking on the source code and >> *CDVUIWebViewNavigationDelegate.m, >> > *on *shouldStartLoadWithRequest* ask *CDVViewController.m* for* >> > shouldOpenExternalURL *that queries all the plugins for >> > *shouldOpenExternalURL* method and uses *[[UIApplication >> sharedApplication] >> > openURL:url];* to open the app. >> > >> > >> > Anyway, the old legacy whitelist return *YES* only for *tel *scheme*, >> *and >> > the new whitelist doesn't include that method, so I don't think removing >> > the plugin will break anything, but is it already broken? >> > >> > or we should use the inAppBrowser plugins with _system to open other apps >> > instead of the whitelist? >> > >> > >> > >> > >> > 2015-11-10 3:18 GMT+01:00 Shazron <shaz...@gmail.com>: >> > >> >> Filed https://issues.apache.org/jira/browse/CB-9972 >> >> >> >> On Mon, Nov 9, 2015 at 5:18 PM, Carlos Santana <csantan...@gmail.com> >> >> wrote: >> >> > Shaz, >> >> > Got some feedback but so far nothing extreme to block your >> proposal. >> >> > >> >> > The only concerned was my comments around iOS8 and lower and it looks >> >> like CSP is the level of security it will get and that's fine. >> >> > >> >> > +1 to move forward >> >> > >> >> > - Carlos >> >> > @csantanapr >> >> > >> >> >> On Nov 9, 2015, at 8:13 PM, Shazron <shaz...@gmail.com> wrote: >> >> >> >> >> >> Any updates on your end Carlos? Anyone else have any concerns? I'm >> >> >> preparing a PR for review soon. >> >> >> >> >> >>> On Wed, Nov 4, 2015 at 2:42 PM, Carlos Santana < >> csantan...@gmail.com> >> >> wrote: >> >> >>> currently evaluating with some other folks at work, will provide >> >> feedback >> >> >>> soon. >> >> >>> >> >> >>> On Tue, Nov 3, 2015 at 11:07 PM Tommy-Carlos Williams < >> >> to...@devgeeks.org> >> >> >>> wrote: >> >> >>> >> >> >>>> +1 to letting the OS handle it. >> >> >>>> >> >> >>>>> On 4 Nov 2015, at 12:44, Jesse <purplecabb...@gmail.com> wrote: >> >> >>>>> >> >> >>>>> I completely support the proposal! >> >> >>>>> >> >> >>>>> >> >> >>>>> @purplecabbage >> >> >>>>> risingj.com >> >> >>>>> >> >> >>>>>> On Tue, Nov 3, 2015 at 5:35 PM, Shazron <shaz...@gmail.com> >> wrote: >> >> >>>>>> >> >> >>>>>> BUMP. This is important, and is causing a lot of pain for our >> users. >> >> >>>>>> For example: >> >> >>>>>> >> >> >>>> >> >> >> https://github.com/jessemonroy650/top-phonegap-mistakes/blob/master/the-whitelist-system.md >> >> >>>>>> >> >> >>>>>> >> >> >>>>>>> On Mon, Nov 2, 2015 at 5:38 PM, Shazron <shaz...@gmail.com> >> wrote: >> >> >>>>>>> To view contents of the PR easily: >> >> >>>>>> >> >> >>>> >> >> >> https://github.com/shazron/cordova-discuss/blob/da7af6606848a1b7d96f4d5ee5402360bf5fd53c/proposals/ios-whitelist-removal.md >> >> >>>>>>> >> >> >>>>>>>> On Mon, Nov 2, 2015 at 5:36 PM, Shazron <shaz...@gmail.com> >> >> wrote: >> >> >>>>>>>> PR sent: https://github.com/cordova/cordova-discuss/pull/27 >> >> >>>>>>>> >> >> >>>>>>>>> On Mon, Nov 2, 2015 at 5:21 PM, Shazron <shaz...@gmail.com> >> >> wrote: >> >> >>>>>>>>> Sorry everyone -- I'm structuring it as a PR and will revert >> my >> >> >>>>>>>>> commits. Will be easier to comment that way >> >> >>>>>>>>> >> >> >>>>>>>>>> On Mon, Nov 2, 2015 at 5:05 PM, Shazron <shaz...@gmail.com> >> >> wrote: >> >> >>>>>> >> >> >>>> >> >> >> https://github.com/cordova/cordova-discuss/blob/master/proposals/ios-whitelist-removal.md >> >> >>>>>>>>>> >> >> >>>>>>>>>> Comment here or there, etc. I've included flowcharts... >> >> >>>>>>>>>> >> >> >>>>>>>>>> tldr; remove the whitelist in cordova-ios-4.x. we are not >> good >> >> at >> >> >>>>>>>>>> security, let the OS handle it. >> >> >>>>>> >> >> >>>>>> >> >> --------------------------------------------------------------------- >> >> >>>>>> To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org >> >> >>>>>> For additional commands, e-mail: dev-h...@cordova.apache.org >> >> >>>>>> >> >> >>>>>> >> >> >>>> >> >> >>>> >> --------------------------------------------------------------------- >> >> >>>> To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org >> >> >>>> For additional commands, e-mail: dev-h...@cordova.apache.org >> >> >>>> >> >> >>>> >> >> >> >> >> >> --------------------------------------------------------------------- >> >> >> To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org >> >> >> For additional commands, e-mail: dev-h...@cordova.apache.org >> >> >> >> >> > >> >> > --------------------------------------------------------------------- >> >> > To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org >> >> > For additional commands, e-mail: dev-h...@cordova.apache.org >> >> > >> >> >> >> --------------------------------------------------------------------- >> >> To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org >> >> For additional commands, e-mail: dev-h...@cordova.apache.org >> >> >> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org >> For additional commands, e-mail: dev-h...@cordova.apache.org >> >> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
