carlpoole opened a new pull request #792:
URL: https://github.com/apache/cordova-plugin-inappbrowser/pull/792


   
   ### Platforms affected
   
   Android
   
   ### Motivation and Context
   These changes mitigate the security vulnerability (CVE-2020-6506) recently 
found in Chromium that affects the Android WebView prior to version 
83.0.4103.106. 
   
   See: https://cordova.apache.org/news/2020/09/29/cve-2020-6506.html
   See: https://alesandroortiz.com/articles/uxss-android-webview-cve-2020-6506/
   See: https://bugs.chromium.org/p/chromium/issues/detail?id=1083819
   
   ### Description
   This mitigation strategy works by enabling the flag to handle multiple 
windows in the InAppBrowser plugin. When a new window event occurs, the plugin 
attempts to load the target in a temporary WebView. If the URL is clean, it will 
be passed back to the original InAppBrowser WebView to mimic the original 
single-window behavior. This filters out JavaScript (and thus any malicious 
code).
   
   ### Testing
   This mitigation was tested using proof-of-concept pages provided by the 
security researcher who discovered the vulnerability (Alesandro Ortiz) linked 
here: https://alesandroortiz.com/articles/uxss-android-webview-cve-2020-6506/
   
   ### Checklist
   
   - [ ] I've run the tests to see all new and existing tests pass
   - [ ] I added automated test coverage as appropriate for this change
   - [x] Commit is prefixed with `(platform)` if this change only applies to 
one platform (e.g. `(android)`)
   - [x] If this Pull Request resolves an issue, I linked to the issue in the 
text above (and used the correct [keyword to close issues using 
keywords](https://help.github.com/articles/closing-issues-using-keywords/))
   - [x] I've updated the documentation if necessary
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
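
The new-window handling described in the pull request above, written out as an added example; it is not the code from PR #792. The class name `SingleWindowGuard`, the `install` helper and the http/https-only definition of a "clean" URL are assumptions made for illustration.

```java
// Added illustration (hypothetical names); not the plugin's own implementation.
import android.net.Uri;
import android.os.Message;
import android.webkit.WebChromeClient;
import android.webkit.WebView;
import android.webkit.WebViewClient;

public final class SingleWindowGuard extends WebChromeClient {

    /** Call once on the WebView that displays untrusted content. */
    public static void install(WebView mainView) {
        // With multiple-window support on, window.open() and target="_blank"
        // are delivered to onCreateWindow() instead of reusing the current window.
        mainView.getSettings().setSupportMultipleWindows(true);
        mainView.setWebChromeClient(new SingleWindowGuard());
    }

    /** Assumption for this example: only http(s) targets count as clean. */
    static boolean isCleanTarget(String url) {
        if (url == null) return false;
        String scheme = Uri.parse(url).getScheme();
        return "http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme);
    }

    @Override
    public boolean onCreateWindow(final WebView mainView, boolean isDialog,
                                  boolean isUserGesture, Message resultMsg) {
        // Temporary WebView: never attached to the layout, default settings
        // (JavaScript disabled), used only to observe the requested target.
        final WebView temp = new WebView(mainView.getContext());
        temp.setWebViewClient(new WebViewClient() {
            // The String overload is also reached from the WebResourceRequest overload's default.
            @Override
            public boolean shouldOverrideUrlLoading(WebView view, String url) {
                if (isCleanTarget(url)) {
                    mainView.loadUrl(url); // mimic the original single-window behavior
                }
                return true; // the temporary view itself never loads the target
            }
        });
        // Hand the temporary view to the framework as the "new window".
        WebView.WebViewTransport transport = (WebView.WebViewTransport) resultMsg.obj;
        transport.setWebView(temp);
        resultMsg.sendToTarget();
        return true; // a window was supplied
    }
}
```

A `javascript:` target fails the scheme check in `isCleanTarget`, so it is never forwarded to the original WebView.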
