[ https://issues.apache.org/jira/browse/CB-7291?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14114174#comment-14114174 ]
ASF subversion and git services commented on CB-7291: ----------------------------------------------------- Commit bb2029db21e78bc307e9fefb4eb1e6761e3ba2b4 in cordova-amazon-fireos's branch refs/heads/master from [~iclelland] [ https://git-wip-us.apache.org/repos/asf?p=cordova-amazon-fireos.git;h=bb2029d ] CB-7291: Add external-launch-whitelist and use it for filtering intent launches > Externally-launchable applications should be configurable > --------------------------------------------------------- > > Key: CB-7291 > URL: https://issues.apache.org/jira/browse/CB-7291 > Project: Apache Cordova > Issue Type: Bug > Components: Android > Affects Versions: 3.5.0 > Reporter: Ian Clelland > Assignee: Ian Clelland > Priority: Blocker > Fix For: 3.6.0 > > > Cordova Android versions up to 3.5.0 would launch any and all external > applications by URL. Any URL not explicitly whitelisted was sent to the > Android intent system for handling. This was the cause of the security > vulnerabilities reported by IBM and disclosed in CVE-2014-3502. > Cordova Android 3.5.1 was released to fix this, which it did by disabling > explicit intents, and explaining how to use a plugin to block other URL > schemes if desired. > We want to have a better official solution than this, so that developers can > easily configure which applications (sms, email, maps, etc) should be > launchable from their Cordova app. > *Proposal* > The proposed solution is to maintain a second whitelist within the app, for > URL patterns which may be used to launch external applications. Then, on URL > loading, these tests will occur (in order): > # URLs which are whitelisted internally (existing list) will cause internal > navigation > # URLs which are whitelisted externally (new list) will attempt to launch an > intent to handle it > # URLs which are not whitelisted at all (in neither list) will be blocked. > *Configuration* > URLs can be added to the new (external) whitelist through an extension to the > {{config.xml}} whitelist syntax: > {code} > <access origin="sms:*" launch-external="yes" /> > {code} > (Any non-empty value for the {{launch-external}} attribute will be considered > "true" when parsing the {{config.xml}} file) > *Open questions* (one about forward-thinking security, the other about > backwards-compatibility): > # What should the default external whitelist be in the application template > that we ship? This will be the case for new apps build with 3.6.0. > # What should the default external whitelist be when there are no {{<access > launch-external="yes">}} tags in {{config.xml}}? This will be the case for > apps which are upgrading to 3.6.0. -- This message was sent by Atlassian JIRA (v6.2#6252)