[
https://issues.apache.org/jira/browse/CB-5624?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13843801#comment-13843801
]
Joe Bowser commented on CB-5624:
--------------------------------
Note: You can't start Cordova unless you use an Intent Filter to do so.
> Cordova may not handle intents correctly, may be possible to override
> config.xml with a custom intent
> -----------------------------------------------------------------------------------------------------
>
> Key: CB-5624
> URL: https://issues.apache.org/jira/browse/CB-5624
> Project: Apache Cordova
> Issue Type: Bug
> Components: Android
> Reporter: Joe Bowser
> Assignee: Joe Bowser
> Labels: security
>
> After seeing this absolutely terrible idea:
> http://blog.cttapp.com/p/phonegap-handleopenurl-for-android, it occured to me
> that it may be possible to use Android Intents to force a Cordova app to
> behave in an improper way. We have been looking at deprecating getProperty
> methods for a while, but we may have to refactor the code.
> This is based on a hunch, but if it's possible to change the startUrl on a
> Cordova app just by creating a stupid Android launcher, then there's a pretty
> big problem. :(
--
This message was sent by Atlassian JIRA
(v6.1.4#6159)
