[jira] [Resolved] (CB-11868) inappbrowser overrides window.open and doesn't follow allow-intent and allow-navigation restrictions

Jesse MacFadyen (JIRA) Tue, 28 Mar 2017 16:50:07 -0700

     [ 
https://issues.apache.org/jira/browse/CB-11868?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Jesse MacFadyen resolved CB-11868.
----------------------------------
    Resolution: Not A Problem

> inappbrowser overrides window.open and doesn't follow allow-intent and 
> allow-navigation restrictions
> ----------------------------------------------------------------------------------------------------
>
>                 Key: CB-11868
>                 URL: https://issues.apache.org/jira/browse/CB-11868
>             Project: Apache Cordova
>          Issue Type: Bug
>          Components: Plugin InAppBrowser
>    Affects Versions: 3.5.0
>         Environment: android
>            Reporter: Mladen Petrovic
>            Priority: Critical
>              Labels: security
>
> InappBrowser doesn't follow allow-intent and allow-navigation meta tags only 
> in Android.
> It also overrides default window.open(uri, '_self');
> So when i allow only some urls to be allowed like this:
> <allow-navigation href="http://google.com/"; />
> <allow-intent href="http://google.com"; />
> I can successfully open yahoo.com via window.open('yahoo.com', '_self');
> But if i remove inappBrowser plugin they it follow restriction and will only 
> open google.com
> This happens only in Android, not in iOS.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org
For additional commands, e-mail: issues-h...@cordova.apache.org

[jira] [Resolved] (CB-11868) inappbrowser overrides window.open and doesn't follow allow-intent and allow-navigation restrictions

Reply via email to