Re: Nomination for a new chair for Apache Cordova

[kerrishotts]

+1 

Thanks for everything you’ve done for Cordova. Jesse will do an amazing job, I 
have no doubt! 

Best,
~ Kerri 

Sent from my phone. 


  

> On Dec 7, 2018, at 08:36, Oliver Salzburg  wrote:
> 
> +1
> 
> Thanks for everything!
> 
>> On Fri, Dec 7, 2018 at 10:22 AM Jan Piotrowski  wrote:
>> 
>> +1
>> 
>> Thanks to you both!
>> Am Fr., 7. Dez. 2018 um 10:05 Uhr schrieb julio cesar sanchez
>> :
>>> 
>>> +1
>>> 
>>> And thanks to you for all this years and to him for taking over
>>> 
>>> El El vie, 7 dic 2018 a las 8:02, Toplak Daniel 
>>> escribió:
>>> 
 Hello Shazron,
 
 thank you for your hard work the last few years and I will totally
>> agree
 with the nomination of Jesse :-)
 +1
 
 Grüße / Regards
 Daniel Toplak
 Head of Mobile Development
 
> -Ursprüngliche Nachricht-
> Von: Shazron 
> Gesendet: Friday, December 7, 2018 03:30
> An: dev@cordova.apache.org
> Betreff: Nomination for a new chair for Apache Cordova
> 
> Hello beloved Community!
> I have been the chair of Apache Cordova since around April 2014 (~4.5
 years).
> 
> The duties are mostly administrative: board reports, PMC management
>> etc.
 Some
> of it is listed here in the README:
> https://github.com/apache/cordova-apache-board-reports
> 
> I think it is time for new leadership. I have decided to resign my
 duties as the
> Apache Cordova chair, hopefully for the upcoming new year of 2019.
> 
> I nominate Jesse MacFadyen as the next chair. Jesse has been with me
>> at
 the start
> when Cordova was PhoneGap. Although we didn't give birth to it, we
 helped work
> on improving Cordova from being an infant to adulthood (together with
 our great
> team), particularly on cordova-ios.
> 10 years is adulthood in software!
> 
> He has also contributed greatly to the other platforms and tooling,
 particularly
> cordova-windows. He has the most experience with helping run the
>> Cordova
> project out of the remaining active contributors.
> 
> As an Apache Member (https://www.apache.org/foundation/members.html)
> he also understands and helps uphold 'The Apache Way'
> (https://www.apache.org/foundation/how-it-works.html) and will be a
 great liaison
> with the Board.
> 
> I'm not going anywhere and I will still contribute to the project in
>> my
 areas of
> expertise.
> 
> Thank you.
> 
> -
> To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
> For additional commands, e-mail: dev-h...@cordova.apache.org
 
 
>> 
>> -
>> To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
>> For additional commands, e-mail: dev-h...@cordova.apache.org
>> 
>> 

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

Re: Stepping Back

[kerrishotts]

Hey Joe — thanks for all your efforts over these years. Best of luck in your 
new team. 

Best,
~ Kerri 

Sent from my phone. 


  

> On Jun 20, 2018, at 14:22, Joe Bowser  wrote:
> 
> Hey
> 
> As many people may be aware, I've moved on to another team at Adobe, so I
> will no longer be able to be the primary maintainer of Cordova for Android,
> and I won't be available to review any PRs in the future.  It's been an
> interesting decade of development, and I'm thankful for all the people who
> chose to try and build applications with PhoneGap/Cordova, even if it
> wasn't the right choice for them.
> 
> Thanks
> 
> Joe Bowser

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

[GitHub] cordova-docs pull request #727: CB-13247 - Blog post for Cordova iOS 4.5.0 R...

[kerrishotts]

Github user kerrishotts commented on a diff in the pull request:

https://github.com/apache/cordova-docs/pull/727#discussion_r137931549
  
--- Diff: www/_posts/2017-09-08-ios-release.md ---
@@ -0,0 +1,72 @@
+---
+layout: post
+author:
+name: Shazron Abdullah
+url: https://twitter.com/shazron
+title:  "Cordova iOS 4.5.0"
+categories: announcements
+tags: news releases
+---
+
+We are happy to announce a minor version of `Cordova iOS 4.5.0` has been 
released!
+
+Three new features were added:
+1. [CB-12937](https://issues.apache.org/jira/browse/CB-12937) - Plugins 
can receive `handleOpenURLWithApplicationSourceAndAnnotation:` now (new 
selector, that sends the URL with additional metadata) 
+2. [CB-13164](https://issues.apache.org/jira/browse/CB-13164) - Integrated 
cordova-plugin-console to build in support for window.console. 
+3. [CB-10916](https://issues.apache.org/jira/browse/CB-10916) - Support 
[display name](/docs/en/dev/config_ref/index.html#name) for **iOS**
+
+Note that for [CB-13164](https://issues.apache.org/jira/browse/CB-13164) 
if you already included `cordova-plugin-console` in your project, you must 
**remove** that plugin if not your project will not build.
--- End diff --

Perhaps

> **Important!** If you have included `cordova-plugin-console` in your 
project, you must **remove** it, otherwise your project will not build.


---

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

Re: Cordova-Android 7.0: Upgrading Java Requirement to 7.0

[kerrishotts]

+1

Sent from my phone. 

___
Kerri 

> On Jun 29, 2017, at 13:34, Joe Bowser  wrote:
> 
> Hey
> 
> I think we should accept this PR to attract newer developers.  Sure, we
> could adopt Java 8, but I think being stuck with Java 6 may be limiting
> contributions.  Does anyone have any thoughts on this?
> 
> https://github.com/apache/cordova-android/pull/380

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

Re: cordova-lib proposal on test directory reorganization

[kerrishotts]

Everything looked good from my once over -- thanks for the work you're putting 
in to this!

Sent from my phone. 

___
Kerri 

> On Jun 27, 2017, at 12:44, Filip Maj  wrote:
> 
> I'm planning on merging this in later today if there are no more
> comments. So far only positive ones!
> 
>> On Mon, Jun 26, 2017 at 7:45 AM, Filip Maj  wrote:
>> Still looking for a bit more feedback, please take a look if you have
>> time! Thanks Anis for your feedback :)
>> 
>> Don't worry about the diff / changeset (~1900 files changed!), the PR
>> description, I think, summarizes the changes well enough. Almost all
>> the changes are renaming files and tweaking the directory structure.
>> 
>> I am thinking of merging this in Wednesday if I get no more comments,
>> or possibly sooner if I get nothing but positive feedback. They are
>> big directory structure changes, and the sooner we can get this in,
>> the less rebase headache will exist.
>> 
>> Thanks!
>> Fil
>> 
>>> On Thu, Jun 22, 2017 at 5:41 PM, Filip Maj  wrote:
>>> Proposal up in PR form here: https://github.com/apache/cordova-lib/pull/568
>>> 
>>> tl;dr consolidating `spec-cordova/` and `spec-plugman` directories
>>> into one, setting up to for one-unit-test-spec.js per source-module.js
>>> file.
>>> 
>>> Looking for eyes and feedback! If you have any, please drop comments in the 
>>> PR.
>>> 
>>> Thanks!
>>> Fil
> 
> -
> To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
> For additional commands, e-mail: dev-h...@cordova.apache.org
> 

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

Re: [DRAFT] Apache Cordova Board Report - June 2017

[kerrishotts]

LGTM. 

Sent from my phone. 

___
Kerri Shotts
photoKandy Studios, LLC

On the Web: http://www.photokandy.com/

Social Media:
  Twitter: @photokandy, http://twitter.com/photokandy
  Tumblr: http://photokandy.tumblr.com/
  Github: https://github.com/kerrishotts
https://github.com/organizations/photokandyStudios
  CoderWall: https://coderwall.com/kerrishotts

Apps on the Apple Store:
  https://itunes.apple.com/us/artist/photokandy-studios-llc/id498577828

Books:
 http://www.packtpub.com/phonegap-2-mobile-application-hotshot/book
  http://www.packtpub.com/phonegap-social-app-development/book

> On Jun 18, 2017, at 15:13, Shazron <shaz...@gmail.com> wrote:
> 
> Please review and comment if necessary.
> 
> I would like a couple of +1 or LGTM before I send it off on Monday
> 
> https://github.com/cordova/apache-board-reports/blob/master/2017/2017-06.md

[GitHub] cordova-lib pull request #562: Removing lazy load, platform command refactor...

[kerrishotts]

Github user kerrishotts commented on a diff in the pull request:

https://github.com/apache/cordova-lib/pull/562#discussion_r122233685
  
--- Diff: spec-cordova/platform/index.spec.js ---
@@ -0,0 +1,181 @@
+/**
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+/* eslint-env jasmine */
+
+var rewire = require('rewire');
+var platform = rewire('../../src/cordova/platform');
+var cordova_util = require('../../src/cordova/util');
+
+describe('cordova/platform', function () {
+var hooksRunnerRevert;
+var projectRoot = 'somepath';
+beforeEach(function () {
+// TODO: if we can change HooksRunner from a prototypal class to a 
function or object,
+// we could eliminate the need for rewire here and use just 
jasmine spies.
+hooksRunnerRevert = platform.__set__('HooksRunner', function () 
{});
+spyOn(cordova_util, 'cdProjectRoot').and.returnValue(projectRoot);
+});
+
+afterEach(function () {
+hooksRunnerRevert();
+});
+
+describe('main module function', function () {
+describe('error/warning conditions', function () {
+// TODO: what about other commands? update? save?
+it('should require at least one platform for add and remove 
commands', function (done) {
+// targets = empty array
+platform('add', []).then(function () {
+fail('should not succeed without targets');
+}, function (err) {
+expect(err).toMatch(/You need to qualify.* with one or 
more platforms/gi);
--- End diff --

Out of scope for this commit, but I'd love to see the ability to use 
`expect(err).toBeInstanceOf(CordovaErrors.ExpectedOneOrMorePlatforms)`. That 
way should the error message ever change, the test still passes. Plus, then we 
don't have to worry about ignoring dynamic portions of the error.

I have no idea how big a job that might be (I expect it'd be pretty big!), 
so I'm just throwing it out there as a "nice-to-have", but I wouldn't want it 
to hold up any progress on this commit, which is super important.

Thanks for your hard work on this, BTW! 


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

[GitHub] cordova-plugin-file-transfer issue #179: CB-12809 android

[kerrishotts]

Github user kerrishotts commented on the issue:

https://github.com/apache/cordova-plugin-file-transfer/pull/179
  
+1 to deprecation as well.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

[GitHub] cordova-docs pull request #703: CB-12770: revise security documentation

[kerrishotts]

Github user kerrishotts commented on a diff in the pull request:

https://github.com/apache/cordova-docs/pull/703#discussion_r115361265
  
--- Diff: www/docs/en/dev/guide/appdev/security/index.md ---
@@ -27,69 +27,155 @@ description: Information and tips for building a 
secure application.
 The following guide includes some security best practices that you should 
consider when developing a Cordova application. Please be aware that security 
is a very complicated topic and therefore this guide is not exhaustive. If you 
believe you can contribute to this guide, please feel free to file an issue in 
Cordova's bug tracker under 
["Documentation"](https://issues.apache.org/jira/browse/CB/component/12316407). 
 This guide is designed to be applicable to general Cordova development (all 
platforms) but special platform-specific considerations will be noted.
 
 ## This guide discusses the following topics:
+
+* General Tips
+* Plugins and Security
+* Content Security Policy
 * Whitelist
-* Iframes and the Callback Id Mechanism
 * Certificate Pinning
 * Self-signed Certificates
+* Wrapping external sites and hot code push
 * Encrypted storage
-* General Tips
 * Recommended Articles and Other Resources
 
+## General Tips
+
+### Use InAppBrowser for outside links
+
+Use the InAppBrowser when opening links to any outside website. This is 
much safer than whitelisting a domain name and including the content directly 
in your application because the InAppBrowser will use the native browser's 
security features and will not give the website access to your Cordova 
environment. Even if you trust the third party website and include it directly 
in your application, that third party website could link to malicious web 
content.
+
+### Validate all user input
+
+Always validate any and all input that your application accepts. This 
includes usernames, passwords, dates, uploaded media, etc. Because an attacker 
could manipulate your HTML and JS assets (either by decompiling your 
application or using debugging tools like `chrome://inspect`), this validation 
should also be performed on your server, especially before handing the data off 
to any backend service.
+
+> **Tip**: Other sources where data should be validated: user documents, 
contacts, push notifications
+
+### Do not cache sensitive data
+
+If usernames, password, geolocation information, and other sensitive data 
is cached, then it could potentially be retrieved later by an unauthorized user 
or application.
+
+### Don't use eval()
+
+The JavaScript function eval() has a long history of being abused. Using 
it incorrectly can open your code up for injection attacks, debugging 
difficulties, and slower code execution.
+
+### Do not assume that your source code is secure
+
+Since a Cordova application is built from HTML and JavaScript assets that 
get packaged in a native container, you should not consider your code to be 
secure. It is possible to reverse engineer a Cordova application.
+
+A sampling of what you should not include in your code:
+
+* Authentication information (usernames, passwords, keys, etc.)
+* Encryption keys
+* Trade secrets
+
+### Do not assume storage containers are secure
+
+Even if a device itself is encrypted, if someone has access to the device 
and can unlock it, you should not assume that data stored in various formats 
and containers is safe. Even SQLite databases are easily human readable once 
access is gained.
+
+As long as you're storing non-sensitive information, this isn't a big 
deal. But if you were storing passwords, keys, and other sensitive information, 
the data could be easily extracted, and depending on what was stored, could be 
used against your app and remote servers.
+
+For example, on iOS, if you store data in `localStorage`, the data itself 
is easily readable to anyone who has access to the device. This is because 
`localStorage` is backed by an unencrypted SQLite database. The underlying 
storage of the device may in fact be encrypted (and so it would be inaccessible 
while the device is locked), but once the device decrypts the file, the 
contents themselves are mostly in the clear. As such, the contents of 
`localStorage` can be easily read and even changed.
+
+## Plugins and Security
+
+Due to the way the native portion of Cordova communicates with your web 
code, it is possible for any code executing within the main webview context to 
communicate with any installed plugins. This means that you should _never_ 
permit untrusted content within the primary webview. This can include 
third-party advertisements, sites within an `iframe`, and even content injected 
via `innerHTML`.
+
+If you must inject content into the primary webview, be certain that

[GitHub] cordova-docs pull request #703: CB-12770: revise security documentation

[kerrishotts]

Github user kerrishotts commented on a diff in the pull request:

https://github.com/apache/cordova-docs/pull/703#discussion_r115358538
  
--- Diff: www/docs/en/dev/guide/appdev/security/index.md ---
@@ -27,69 +27,155 @@ description: Information and tips for building a 
secure application.
 The following guide includes some security best practices that you should 
consider when developing a Cordova application. Please be aware that security 
is a very complicated topic and therefore this guide is not exhaustive. If you 
believe you can contribute to this guide, please feel free to file an issue in 
Cordova's bug tracker under 
["Documentation"](https://issues.apache.org/jira/browse/CB/component/12316407). 
 This guide is designed to be applicable to general Cordova development (all 
platforms) but special platform-specific considerations will be noted.
 
 ## This guide discusses the following topics:
+
+* General Tips
+* Plugins and Security
+* Content Security Policy
 * Whitelist
-* Iframes and the Callback Id Mechanism
 * Certificate Pinning
 * Self-signed Certificates
+* Wrapping external sites and hot code push
 * Encrypted storage
-* General Tips
 * Recommended Articles and Other Resources
 
+## General Tips
+
+### Use InAppBrowser for outside links
+
+Use the InAppBrowser when opening links to any outside website. This is 
much safer than whitelisting a domain name and including the content directly 
in your application because the InAppBrowser will use the native browser's 
security features and will not give the website access to your Cordova 
environment. Even if you trust the third party website and include it directly 
in your application, that third party website could link to malicious web 
content.
+
+### Validate all user input
+
+Always validate any and all input that your application accepts. This 
includes usernames, passwords, dates, uploaded media, etc. Because an attacker 
could manipulate your HTML and JS assets (either by decompiling your 
application or using debugging tools like `chrome://inspect`), this validation 
should also be performed on your server, especially before handing the data off 
to any backend service.
+
+> **Tip**: Other sources where data should be validated: user documents, 
contacts, push notifications
+
+### Do not cache sensitive data
+
+If usernames, password, geolocation information, and other sensitive data 
is cached, then it could potentially be retrieved later by an unauthorized user 
or application.
+
+### Don't use eval()
+
+The JavaScript function eval() has a long history of being abused. Using 
it incorrectly can open your code up for injection attacks, debugging 
difficulties, and slower code execution.
+
+### Do not assume that your source code is secure
+
+Since a Cordova application is built from HTML and JavaScript assets that 
get packaged in a native container, you should not consider your code to be 
secure. It is possible to reverse engineer a Cordova application.
+
+A sampling of what you should not include in your code:
+
+* Authentication information (usernames, passwords, keys, etc.)
+* Encryption keys
+* Trade secrets
+
+### Do not assume storage containers are secure
+
+Even if a device itself is encrypted, if someone has access to the device 
and can unlock it, you should not assume that data stored in various formats 
and containers is safe. Even SQLite databases are easily human readable once 
access is gained.
+
+As long as you're storing non-sensitive information, this isn't a big 
deal. But if you were storing passwords, keys, and other sensitive information, 
the data could be easily extracted, and depending on what was stored, could be 
used against your app and remote servers.
+
+For example, on iOS, if you store data in `localStorage`, the data itself 
is easily readable to anyone who has access to the device. This is because 
`localStorage` is backed by an unencrypted SQLite database. The underlying 
storage of the device may in fact be encrypted (and so it would be inaccessible 
while the device is locked), but once the device decrypts the file, the 
contents themselves are mostly in the clear. As such, the contents of 
`localStorage` can be easily read and even changed.
+
+## Plugins and Security
+
+Due to the way the native portion of Cordova communicates with your web 
code, it is possible for any code executing within the main webview context to 
communicate with any installed plugins. This means that you should _never_ 
permit untrusted content within the primary webview. This can include 
third-party advertisements, sites within an `iframe`, and even content injected 
via `innerHTML`.
+
+If you must inject content into the primary webview, be certain that

[GitHub] cordova-docs pull request #703: CB-12770: revise security documentation

[kerrishotts]

Github user kerrishotts commented on a diff in the pull request:

https://github.com/apache/cordova-docs/pull/703#discussion_r115358440
  
--- Diff: www/docs/en/dev/guide/appdev/security/index.md ---
@@ -27,69 +27,155 @@ description: Information and tips for building a 
secure application.
 The following guide includes some security best practices that you should 
consider when developing a Cordova application. Please be aware that security 
is a very complicated topic and therefore this guide is not exhaustive. If you 
believe you can contribute to this guide, please feel free to file an issue in 
Cordova's bug tracker under 
["Documentation"](https://issues.apache.org/jira/browse/CB/component/12316407). 
 This guide is designed to be applicable to general Cordova development (all 
platforms) but special platform-specific considerations will be noted.
 
 ## This guide discusses the following topics:
+
+* General Tips
+* Plugins and Security
+* Content Security Policy
 * Whitelist
-* Iframes and the Callback Id Mechanism
 * Certificate Pinning
 * Self-signed Certificates
+* Wrapping external sites and hot code push
 * Encrypted storage
-* General Tips
 * Recommended Articles and Other Resources
 
+## General Tips
+
+### Use InAppBrowser for outside links
+
+Use the InAppBrowser when opening links to any outside website. This is 
much safer than whitelisting a domain name and including the content directly 
in your application because the InAppBrowser will use the native browser's 
security features and will not give the website access to your Cordova 
environment. Even if you trust the third party website and include it directly 
in your application, that third party website could link to malicious web 
content.
+
+### Validate all user input
+
+Always validate any and all input that your application accepts. This 
includes usernames, passwords, dates, uploaded media, etc. Because an attacker 
could manipulate your HTML and JS assets (either by decompiling your 
application or using debugging tools like `chrome://inspect`), this validation 
should also be performed on your server, especially before handing the data off 
to any backend service.
+
+> **Tip**: Other sources where data should be validated: user documents, 
contacts, push notifications
+
+### Do not cache sensitive data
+
+If usernames, password, geolocation information, and other sensitive data 
is cached, then it could potentially be retrieved later by an unauthorized user 
or application.
+
+### Don't use eval()
+
+The JavaScript function eval() has a long history of being abused. Using 
it incorrectly can open your code up for injection attacks, debugging 
difficulties, and slower code execution.
+
+### Do not assume that your source code is secure
+
+Since a Cordova application is built from HTML and JavaScript assets that 
get packaged in a native container, you should not consider your code to be 
secure. It is possible to reverse engineer a Cordova application.
+
+A sampling of what you should not include in your code:
+
+* Authentication information (usernames, passwords, keys, etc.)
+* Encryption keys
+* Trade secrets
+
+### Do not assume storage containers are secure
+
+Even if a device itself is encrypted, if someone has access to the device 
and can unlock it, you should not assume that data stored in various formats 
and containers is safe. Even SQLite databases are easily human readable once 
access is gained.
+
+As long as you're storing non-sensitive information, this isn't a big 
deal. But if you were storing passwords, keys, and other sensitive information, 
the data could be easily extracted, and depending on what was stored, could be 
used against your app and remote servers.
+
+For example, on iOS, if you store data in `localStorage`, the data itself 
is easily readable to anyone who has access to the device. This is because 
`localStorage` is backed by an unencrypted SQLite database. The underlying 
storage of the device may in fact be encrypted (and so it would be inaccessible 
while the device is locked), but once the device decrypts the file, the 
contents themselves are mostly in the clear. As such, the contents of 
`localStorage` can be easily read and even changed.
+
+## Plugins and Security
+
+Due to the way the native portion of Cordova communicates with your web 
code, it is possible for any code executing within the main webview context to 
communicate with any installed plugins. This means that you should _never_ 
permit untrusted content within the primary webview. This can include 
third-party advertisements, sites within an `iframe`, and even content injected 
via `innerHTML`.
+
+If you must inject content into the primary webview, be certain that

[GitHub] cordova-docs pull request #703: CB-12770: revise security documentation

[kerrishotts]

Github user kerrishotts commented on a diff in the pull request:

https://github.com/apache/cordova-docs/pull/703#discussion_r115358385
  
--- Diff: www/docs/en/dev/guide/appdev/security/index.md ---
@@ -27,69 +27,155 @@ description: Information and tips for building a 
secure application.
 The following guide includes some security best practices that you should 
consider when developing a Cordova application. Please be aware that security 
is a very complicated topic and therefore this guide is not exhaustive. If you 
believe you can contribute to this guide, please feel free to file an issue in 
Cordova's bug tracker under 
["Documentation"](https://issues.apache.org/jira/browse/CB/component/12316407). 
 This guide is designed to be applicable to general Cordova development (all 
platforms) but special platform-specific considerations will be noted.
 
 ## This guide discusses the following topics:
+
+* General Tips
+* Plugins and Security
+* Content Security Policy
 * Whitelist
-* Iframes and the Callback Id Mechanism
 * Certificate Pinning
 * Self-signed Certificates
+* Wrapping external sites and hot code push
 * Encrypted storage
-* General Tips
 * Recommended Articles and Other Resources
 
+## General Tips
+
+### Use InAppBrowser for outside links
+
+Use the InAppBrowser when opening links to any outside website. This is 
much safer than whitelisting a domain name and including the content directly 
in your application because the InAppBrowser will use the native browser's 
security features and will not give the website access to your Cordova 
environment. Even if you trust the third party website and include it directly 
in your application, that third party website could link to malicious web 
content.
+
+### Validate all user input
+
+Always validate any and all input that your application accepts. This 
includes usernames, passwords, dates, uploaded media, etc. Because an attacker 
could manipulate your HTML and JS assets (either by decompiling your 
application or using debugging tools like `chrome://inspect`), this validation 
should also be performed on your server, especially before handing the data off 
to any backend service.
+
+> **Tip**: Other sources where data should be validated: user documents, 
contacts, push notifications
+
+### Do not cache sensitive data
+
+If usernames, password, geolocation information, and other sensitive data 
is cached, then it could potentially be retrieved later by an unauthorized user 
or application.
+
+### Don't use eval()
+
+The JavaScript function eval() has a long history of being abused. Using 
it incorrectly can open your code up for injection attacks, debugging 
difficulties, and slower code execution.
+
+### Do not assume that your source code is secure
+
+Since a Cordova application is built from HTML and JavaScript assets that 
get packaged in a native container, you should not consider your code to be 
secure. It is possible to reverse engineer a Cordova application.
+
+A sampling of what you should not include in your code:
+
+* Authentication information (usernames, passwords, keys, etc.)
+* Encryption keys
+* Trade secrets
+
+### Do not assume storage containers are secure
+
+Even if a device itself is encrypted, if someone has access to the device 
and can unlock it, you should not assume that data stored in various formats 
and containers is safe. Even SQLite databases are easily human readable once 
access is gained.
+
+As long as you're storing non-sensitive information, this isn't a big 
deal. But if you were storing passwords, keys, and other sensitive information, 
the data could be easily extracted, and depending on what was stored, could be 
used against your app and remote servers.
+
+For example, on iOS, if you store data in `localStorage`, the data itself 
is easily readable to anyone who has access to the device. This is because 
`localStorage` is backed by an unencrypted SQLite database. The underlying 
storage of the device may in fact be encrypted (and so it would be inaccessible 
while the device is locked), but once the device decrypts the file, the 
contents themselves are mostly in the clear. As such, the contents of 
`localStorage` can be easily read and even changed.
+
+## Plugins and Security
+
+Due to the way the native portion of Cordova communicates with your web 
code, it is possible for any code executing within the main webview context to 
communicate with any installed plugins. This means that you should _never_ 
permit untrusted content within the primary webview. This can include 
third-party advertisements, sites within an `iframe`, and even content injected 
via `innerHTML`.
+
+If you must inject content into the primary webview, be certain that

[GitHub] cordova-docs pull request #703: CB-12770: revise security documentation

[kerrishotts]

Github user kerrishotts commented on a diff in the pull request:

https://github.com/apache/cordova-docs/pull/703#discussion_r115357887
  
--- Diff: www/docs/en/dev/guide/appdev/security/index.md ---
@@ -27,69 +27,155 @@ description: Information and tips for building a 
secure application.
 The following guide includes some security best practices that you should 
consider when developing a Cordova application. Please be aware that security 
is a very complicated topic and therefore this guide is not exhaustive. If you 
believe you can contribute to this guide, please feel free to file an issue in 
Cordova's bug tracker under 
["Documentation"](https://issues.apache.org/jira/browse/CB/component/12316407). 
 This guide is designed to be applicable to general Cordova development (all 
platforms) but special platform-specific considerations will be noted.
 
 ## This guide discusses the following topics:
+
+* General Tips
+* Plugins and Security
+* Content Security Policy
 * Whitelist
-* Iframes and the Callback Id Mechanism
 * Certificate Pinning
 * Self-signed Certificates
+* Wrapping external sites and hot code push
 * Encrypted storage
-* General Tips
 * Recommended Articles and Other Resources
 
+## General Tips
+
+### Use InAppBrowser for outside links
+
+Use the InAppBrowser when opening links to any outside website. This is 
much safer than whitelisting a domain name and including the content directly 
in your application because the InAppBrowser will use the native browser's 
security features and will not give the website access to your Cordova 
environment. Even if you trust the third party website and include it directly 
in your application, that third party website could link to malicious web 
content.
+
+### Validate all user input
+
+Always validate any and all input that your application accepts. This 
includes usernames, passwords, dates, uploaded media, etc. Because an attacker 
could manipulate your HTML and JS assets (either by decompiling your 
application or using debugging tools like `chrome://inspect`), this validation 
should also be performed on your server, especially before handing the data off 
to any backend service.
+
+> **Tip**: Other sources where data should be validated: user documents, 
contacts, push notifications
+
+### Do not cache sensitive data
+
+If usernames, password, geolocation information, and other sensitive data 
is cached, then it could potentially be retrieved later by an unauthorized user 
or application.
+
+### Don't use eval()
+
+The JavaScript function eval() has a long history of being abused. Using 
it incorrectly can open your code up for injection attacks, debugging 
difficulties, and slower code execution.
+
+### Do not assume that your source code is secure
+
+Since a Cordova application is built from HTML and JavaScript assets that 
get packaged in a native container, you should not consider your code to be 
secure. It is possible to reverse engineer a Cordova application.
--- End diff --

Mmm -- I like that much better. :-)


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

[GitHub] cordova-docs pull request #703: CB-12770: revise security documentation

[kerrishotts]

Github user kerrishotts commented on a diff in the pull request:

https://github.com/apache/cordova-docs/pull/703#discussion_r115357795
  
--- Diff: www/docs/en/dev/guide/appdev/security/index.md ---
@@ -27,69 +27,155 @@ description: Information and tips for building a 
secure application.
 The following guide includes some security best practices that you should 
consider when developing a Cordova application. Please be aware that security 
is a very complicated topic and therefore this guide is not exhaustive. If you 
believe you can contribute to this guide, please feel free to file an issue in 
Cordova's bug tracker under 
["Documentation"](https://issues.apache.org/jira/browse/CB/component/12316407). 
 This guide is designed to be applicable to general Cordova development (all 
platforms) but special platform-specific considerations will be noted.
 
 ## This guide discusses the following topics:
+
+* General Tips
+* Plugins and Security
+* Content Security Policy
 * Whitelist
-* Iframes and the Callback Id Mechanism
 * Certificate Pinning
 * Self-signed Certificates
+* Wrapping external sites and hot code push
 * Encrypted storage
-* General Tips
 * Recommended Articles and Other Resources
 
+## General Tips
+
+### Use InAppBrowser for outside links
+
+Use the InAppBrowser when opening links to any outside website. This is 
much safer than whitelisting a domain name and including the content directly 
in your application because the InAppBrowser will use the native browser's 
security features and will not give the website access to your Cordova 
environment. Even if you trust the third party website and include it directly 
in your application, that third party website could link to malicious web 
content.
+
+### Validate all user input
+
+Always validate any and all input that your application accepts. This 
includes usernames, passwords, dates, uploaded media, etc. Because an attacker 
could manipulate your HTML and JS assets (either by decompiling your 
application or using debugging tools like `chrome://inspect`), this validation 
should also be performed on your server, especially before handing the data off 
to any backend service.
+
+> **Tip**: Other sources where data should be validated: user documents, 
contacts, push notifications
+
+### Do not cache sensitive data
+
+If usernames, password, geolocation information, and other sensitive data 
is cached, then it could potentially be retrieved later by an unauthorized user 
or application.
--- End diff --

Yes, this needs to be worded better and have some concrete examples. :-) I 
think "caching" is the wrong word here (this was copied from the previous 
version) -- "store" is probably more accurate.

I _think_ attacks would either have to be device-in-hand attacks (since 
you'd need to get into the file system -- that's when you hope the device is 
protected with a pin & is encrypted!) or malware / viruses that abused some 
security hole (or ran amuck on a rooted/JB'd device). OR, if the app stored 
data in a public area on the file system (say, on Android), that would be risky 
too. (Hopefully no one would do that, though...!) So yes... more examples of 
what is meant by this would be good.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

[GitHub] cordova-docs pull request #703: CB-12770: revise security documentation

[kerrishotts]

GitHub user kerrishotts opened a pull request:

https://github.com/apache/cordova-docs/pull/703

CB-12770: revise security documentation

This is a *rough* first pass at revising the security documentation. 
Comments are very welcome!

** NOT READY FOR MERGE YET **

### What does this PR do?

Update security documentation

### Checklist
- [X] [Reported an issue](http://cordova.apache.org/contribute/issues.html) 
in the JIRA database
- [X] Commit message follows the format: "CB-3232: (android) Fix bug with 
resolving file paths", where CB- is the JIRA ID & "android" is the platform 
affected.


You can merge this pull request into a Git repository by running:

$ git pull https://github.com/kerrishotts/cordova-docs CB-12770

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/cordova-docs/pull/703.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #703


commit 012f3f92e5bf1d4394b0d50f0f2e2bc7d2982bcc
Author: Kerri Shotts <kerrisho...@gmail.com>
Date:   2017-05-08T15:19:19Z

CB-12770: revise security documentation




---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

[GitHub] cordova-docs pull request #699: cordova7_post : cordova7 release post

[kerrishotts]

Github user kerrishotts commented on a diff in the pull request:

https://github.com/apache/cordova-docs/pull/699#discussion_r113565956
  
--- Diff: www/_posts/2017-04-21-cordova-7.md ---
@@ -0,0 +1,46 @@
+---
+layout: post
+author:
+name: Audrey So
+url: https://twitter.com/aud_rey_so
+title:  "Apache Cordova 7.0.0"
+categories: news
+tags: news releases
+---
+
+We are happy to announce that `Apache Cordova 7.0.0` has been released!
+
+Most notable changes include:
+* If a `package.json` does not exist in your project, it will be 
auto-created for you when `cordova prepare` is called.
+* When adding a platform or plugin, it will automatically save that 
platform or plugin to your `config.xml` and `package.json`. Details about 
platform and plugin versions are also automatically saved in `config.xml` and 
`package.json`. The `--save` flag is no longer required to save. Use `--nosave` 
to prevent saving to `config.xml` or `package.json`.
+* Fetch is now the default setting for fetching platforms. Fetch uses your 
system `npm` to `npm install` modules into your project. The `--fetch` flag is 
no longer required. Use the `--nofetch` flag to use the older cordova fetching 
method (pre `cordova@7`) and prevent using `npm install` to do the fetching.
--- End diff --

Hmmm. To me you're referring to the feature named "fetch", not the setting 
(although you do use the word "setting" -- I think I would use "method"). So:

"Fetch is now the default method for fetching platforms. Fetch uses your 
system"

You could reword this a bit to avoid the issue entirely, but I think this 
is clear enough without being overly verbose.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

[GitHub] cordova-docs pull request #699: cordova7_post : cordova7 release post

[kerrishotts]

Github user kerrishotts commented on a diff in the pull request:

https://github.com/apache/cordova-docs/pull/699#discussion_r113545976
  
--- Diff: www/_posts/2017-04-21-cordova-7.md ---
@@ -0,0 +1,46 @@
+---
+layout: post
+author:
+name: Audrey So
+url: https://twitter.com/aud_rey_so
+title:  "Apache Cordova 7.0.0"
+categories: news
+tags: news releases
+---
+
+We are happy to announce that `Apache Cordova 7.0.0` has been released!
+
+Most notable changes include:
+* If a `package.json` does not exist in your project, it will be 
auto-created for you when `cordova prepare` is called.
+* When adding a platform or plugin, it will automatically save that 
platform or plugin to your `config.xml` and `package.json`. Details about 
platform and plugin versions are also automatically saved in `config.xml` and 
`package.json`. The `--save` flag is no longer required to save. Use `--nosave` 
to prevent saving to `config.xml` or `package.json`.
+* Fetch is now the default setting for fetching platforms. Fetch uses your 
system `npm` to `npm install` modules into your project. The `--fetch` flag is 
no longer required. Use the `--nofetch` flag to use the older cordova fetching 
method (pre `cordova@7`) and prevent using `npm install` to do the fetching.
+* After `cordova prepare` is run, `package.json` and `config.xml` should 
contain identical platforms and versions.  In case of conflicts, `package.json` 
is given precedence over `config.xml`. For example, suppose `package.json` 
contains `cordova-android@6.0.0` and `config.xml` contains 
`cordova-android@4.0.0`. After `cordova prepare` is run, `config.xml` and 
`package.json` will each contain only `cordova-android@6.0.0`.
+* Users can install any platform due to removing known platform check for 
platform API. For instance, users can now add custom platforms to their 
projects.
+* Platforms and plugins are now required to have a package.json file.
+
+Example: 
+
+   cordova platform add custom-platform-name
+
+Link to how to create your own platforms:
+
+* A cordova config command has been created to `set`, `get`, `delete`, 
`edit`, and `list` global cordova options. For example, you can use the 
following command `cordova config set  ` to set the value of 
autosave or fetch to true or false. 
+
+In this case, you are turning off autosave as the default setting. 
Example: 
+
+   cordova config set autosave false
+
+In this case, you are turning off fetch as the default setting. Example:
+
+   cordova config set fetch false
+
+In addition, the cordova config command supports browserify setting, which 
allows the JavaScript of plugins to be loaded at build time compared to run 
time. For instance, if the browserify value is not explicility passed in by the 
user, the cordova config command will automatically set the browserify value 
saved in `~/.config/configstore/` to saved `globally`. Users can get and set 
browserify. Example:
--- End diff --

?: In this case --> In the following case

or, "For example, if you want to turn off `fetch` as the default setting:"

To me, "this" refers to something that has already been mentioned, so I was 
looking above, not below.

Also, backticks around `fetch`, `autosave`, `browserify`


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

[GitHub] cordova-docs pull request #699: cordova7_post : cordova7 release post

[kerrishotts]

Github user kerrishotts commented on a diff in the pull request:

https://github.com/apache/cordova-docs/pull/699#discussion_r113545528
  
--- Diff: www/_posts/2017-04-21-cordova-7.md ---
@@ -0,0 +1,46 @@
+---
+layout: post
+author:
+name: Audrey So
+url: https://twitter.com/aud_rey_so
+title:  "Apache Cordova 7.0.0"
+categories: news
+tags: news releases
+---
+
+We are happy to announce that `Apache Cordova 7.0.0` has been released!
+
+Most notable changes include:
+* If a `package.json` does not exist in your project, it will be 
auto-created for you when `cordova prepare` is called.
+* When adding a platform or plugin, it will automatically save that 
platform or plugin to your `config.xml` and `package.json`. Details about 
platform and plugin versions are also automatically saved in `config.xml` and 
`package.json`. The `--save` flag is no longer required to save. Use `--nosave` 
to prevent saving to `config.xml` or `package.json`.
+* Fetch is now the default setting for fetching platforms. Fetch uses your 
system `npm` to `npm install` modules into your project. The `--fetch` flag is 
no longer required. Use the `--nofetch` flag to use the older cordova fetching 
method (pre `cordova@7`) and prevent using `npm install` to do the fetching.
+* After `cordova prepare` is run, `package.json` and `config.xml` should 
contain identical platforms and versions.  In case of conflicts, `package.json` 
is given precedence over `config.xml`. For example, suppose `package.json` 
contains `cordova-android@6.0.0` and `config.xml` contains 
`cordova-android@4.0.0`. After `cordova prepare` is run, `config.xml` and 
`package.json` will each contain only `cordova-android@6.0.0`.
+* Users can install any platform due to removing known platform check for 
platform API. For instance, users can now add custom platforms to their 
projects.
+* Platforms and plugins are now required to have a package.json file.
+
+Example: 
+
+   cordova platform add custom-platform-name
+
+Link to how to create your own platforms:
+
+* A cordova config command has been created to `set`, `get`, `delete`, 
`edit`, and `list` global cordova options. For example, you can use the 
following command `cordova config set  ` to set the value of 
autosave or fetch to true or false. 
--- End diff --

global cordova --> global Cordova


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

[GitHub] cordova-docs pull request #699: cordova7_post : cordova7 release post

[kerrishotts]

Github user kerrishotts commented on a diff in the pull request:

https://github.com/apache/cordova-docs/pull/699#discussion_r113545395
  
--- Diff: www/_posts/2017-04-21-cordova-7.md ---
@@ -0,0 +1,46 @@
+---
+layout: post
+author:
+name: Audrey So
+url: https://twitter.com/aud_rey_so
+title:  "Apache Cordova 7.0.0"
+categories: news
+tags: news releases
+---
+
+We are happy to announce that `Apache Cordova 7.0.0` has been released!
+
+Most notable changes include:
+* If a `package.json` does not exist in your project, it will be 
auto-created for you when `cordova prepare` is called.
+* When adding a platform or plugin, it will automatically save that 
platform or plugin to your `config.xml` and `package.json`. Details about 
platform and plugin versions are also automatically saved in `config.xml` and 
`package.json`. The `--save` flag is no longer required to save. Use `--nosave` 
to prevent saving to `config.xml` or `package.json`.
+* Fetch is now the default setting for fetching platforms. Fetch uses your 
system `npm` to `npm install` modules into your project. The `--fetch` flag is 
no longer required. Use the `--nofetch` flag to use the older cordova fetching 
method (pre `cordova@7`) and prevent using `npm install` to do the fetching.
+* After `cordova prepare` is run, `package.json` and `config.xml` should 
contain identical platforms and versions.  In case of conflicts, `package.json` 
is given precedence over `config.xml`. For example, suppose `package.json` 
contains `cordova-android@6.0.0` and `config.xml` contains 
`cordova-android@4.0.0`. After `cordova prepare` is run, `config.xml` and 
`package.json` will each contain only `cordova-android@6.0.0`.
+* Users can install any platform due to removing known platform check for 
platform API. For instance, users can now add custom platforms to their 
projects.
+* Platforms and plugins are now required to have a package.json file.
+
+Example: 
+
+   cordova platform add custom-platform-name
+
+Link to how to create your own platforms:
+
+* A cordova config command has been created to `set`, `get`, `delete`, 
`edit`, and `list` global cordova options. For example, you can use the 
following command `cordova config set  ` to set the value of 
autosave or fetch to true or false. 
--- End diff --

to set the value of `autosave` or `fetch` to `true` or `false`. 



---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

[GitHub] cordova-docs pull request #699: cordova7_post : cordova7 release post

[kerrishotts]

Github user kerrishotts commented on a diff in the pull request:

https://github.com/apache/cordova-docs/pull/699#discussion_r113544594
  
--- Diff: www/_posts/2017-04-21-cordova-7.md ---
@@ -0,0 +1,46 @@
+---
+layout: post
+author:
+name: Audrey So
+url: https://twitter.com/aud_rey_so
+title:  "Apache Cordova 7.0.0"
+categories: news
+tags: news releases
+---
+
+We are happy to announce that `Apache Cordova 7.0.0` has been released!
+
+Most notable changes include:
+* If a `package.json` does not exist in your project, it will be 
auto-created for you when `cordova prepare` is called.
+* When adding a platform or plugin, it will automatically save that 
platform or plugin to your `config.xml` and `package.json`. Details about 
platform and plugin versions are also automatically saved in `config.xml` and 
`package.json`. The `--save` flag is no longer required to save. Use `--nosave` 
to prevent saving to `config.xml` or `package.json`.
+* Fetch is now the default setting for fetching platforms. Fetch uses your 
system `npm` to `npm install` modules into your project. The `--fetch` flag is 
no longer required. Use the `--nofetch` flag to use the older cordova fetching 
method (pre `cordova@7`) and prevent using `npm install` to do the fetching.
--- End diff --

Also: if leaving Cordova in, it needs capitalized.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

[GitHub] cordova-docs pull request #699: cordova7_post : cordova7 release post

[kerrishotts]

Github user kerrishotts commented on a diff in the pull request:

https://github.com/apache/cordova-docs/pull/699#discussion_r113544467
  
--- Diff: www/_posts/2017-04-21-cordova-7.md ---
@@ -0,0 +1,46 @@
+---
+layout: post
+author:
+name: Audrey So
+url: https://twitter.com/aud_rey_so
+title:  "Apache Cordova 7.0.0"
+categories: news
+tags: news releases
+---
+
+We are happy to announce that `Apache Cordova 7.0.0` has been released!
+
+Most notable changes include:
+* If a `package.json` does not exist in your project, it will be 
auto-created for you when `cordova prepare` is called.
+* When adding a platform or plugin, it will automatically save that 
platform or plugin to your `config.xml` and `package.json`. Details about 
platform and plugin versions are also automatically saved in `config.xml` and 
`package.json`. The `--save` flag is no longer required to save. Use `--nosave` 
to prevent saving to `config.xml` or `package.json`.
+* Fetch is now the default setting for fetching platforms. Fetch uses your 
system `npm` to `npm install` modules into your project. The `--fetch` flag is 
no longer required. Use the `--nofetch` flag to use the older cordova fetching 
method (pre `cordova@7`) and prevent using `npm install` to do the fetching.
--- End diff --

Perhaps: use the `--nofetch` flag to revert to pre-7.0 behavior (`npm 
install` is _not_ used to fetch modules)


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

[GitHub] cordova-ios issue #302: CB-11895: openURL: is deprecated on iOS 10

[kerrishotts]

Github user kerrishotts commented on the issue:

https://github.com/apache/cordova-ios/pull/302
  
@shazron: thanks for the catch; fixed up now. Waiting on CI.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

[GitHub] cordova-ios pull request #302: CB-11895: openURL: is deprecated on iOS 10

[kerrishotts]

Github user kerrishotts commented on a diff in the pull request:

https://github.com/apache/cordova-ios/pull/302#discussion_r111295873
  
--- Diff: 
CordovaLib/Classes/Private/Plugins/CDVIntentAndNavigationFilter/CDVIntentAndNavigationFilter.m
 ---
@@ -115,11 +115,18 @@ + 
(BOOL)shouldOverrideLoadWithRequest:(NSURLRequest*)request navigationType:(UIW
 case CDVIntentAndNavigationFilterValueNavigationAllowed:
 return YES;
 case CDVIntentAndNavigationFilterValueIntentAllowed:
-// only allow-intent if it's a 
UIWebViewNavigationTypeLinkClicked (anchor tag) OR
-// it's a UIWebViewNavigationTypeOther, and it's an internal 
link
-if ([[self class] shouldOpenURLRequest:request 
navigationType:navigationType]){
--- End diff --

Whoops; trigger-happy `dd`, apparently. Fixing up.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

[GitHub] cordova-ios pull request #302: CB-11895: openURL: is deprecated on iOS 10

[kerrishotts]

GitHub user kerrishotts opened a pull request:

https://github.com/apache/cordova-ios/pull/302

CB-11895: openURL: is deprecated on iOS 10



### Platforms affected

- iOS

### What does this PR do?

Addresses deprecation of openURL: in iOS 10 by using 
openURL:options:completionHandler: instead.

### What testing has been done on this change?

- CI Testing OK
- Tested in sim on 10.3 and 9.3 & verified appropriate methods were called

### Checklist
- [X] [Reported an issue](http://cordova.apache.org/contribute/issues.html) 
in the JIRA database
- [X] Commit message follows the format: "CB-3232: (android) Fix bug with 
resolving file paths", where CB- is the JIRA ID & "android" is the platform 
affected.
- [X] Added automated test coverage as appropriate for this change.
- not applicable to this change


You can merge this pull request into a Git repository by running:

$ git pull https://github.com/kerrishotts/cordova-ios CB-11895

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/cordova-ios/pull/302.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #302


commit 7e9a22efcdcd085b68970dca61156e6995586e25
Author: Kerri Shotts <kerrisho...@gmail.com>
Date:   2017-04-12T21:02:57Z

CB-11895: openURL: is deprecated on iOS 10




---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

Re: [DRAFT][REPORT] Cordova - March 2017

[kerrishotts]

+1

Sent from my phone. 

___
Kerri Shotts

> On Mar 13, 2017, at 19:43, Shazron  wrote:
> 
> I will send this out later tonight/early tomorrow if there are no comments:
> 
> https://github.com/cordova/apache-board-reports/blob/master/2017/2017-03.md

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

[GitHub] cordova-ios issue #295: CB-12309: Missing CLI help for --developmentTeam

[kerrishotts]

Github user kerrishotts commented on the issue:

https://github.com/apache/cordova-ios/pull/295
  
No problem; I'll take care of it tomorrow.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

[GitHub] cordova-ios pull request #295: CB-12309: Missing CLI help for --developmentT...

[kerrishotts]

GitHub user kerrishotts opened a pull request:

https://github.com/apache/cordova-ios/pull/295

CB-12309: Missing CLI help for --developmentTeam



### Platforms affected

iOS

### What does this PR do?

Adds `--developmentTeam` to build help.

### What testing has been done on this change?

Automated & manual testing

### Checklist
- [X] [Reported an issue](http://cordova.apache.org/contribute/issues.html) 
in the JIRA database
- [X] Commit message follows the format: "CB-3232: (android) Fix bug with 
resolving file paths", where CB- is the JIRA ID & "android" is the platform 
affected.
- [X] Added automated test coverage as appropriate for this change.
- No additional tests needed


You can merge this pull request into a Git repository by running:

$ git pull https://github.com/kerrishotts/cordova-ios CB-12309

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/cordova-ios/pull/295.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #295






---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

[GitHub] cordova-plugin-dialogs issue #92: added support for destructive Button on iO...

[kerrishotts]

Github user kerrishotts commented on the issue:

https://github.com/apache/cordova-plugin-dialogs/pull/92
  
Please review the [Cordova Contributor 
Guidelines](https://cordova.apache.org/contribute/contribute_guidelines.html), 
file a Jira issue and update this PR appropriately.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

[GitHub] cordova-ios issue #277: CB-11243: Fix target-device and deployment-target pr...

[kerrishotts]

Github user kerrishotts commented on the issue:

https://github.com/apache/cordova-ios/pull/277
  
@shazron @zetura I was able to run a couple apps (both cordova-ios@4.3.1) 
at iPhone resolutions on an iPad simulator just now, with and without launch 
storyboards. @zetura, it might help to see the screenshots from Apple to see 
what they saw, if can share them (redact as necessary).


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

[GitHub] cordova-docs pull request #684: CB-12502: (ios) Document minimum iOS version...

[kerrishotts]

GitHub user kerrishotts opened a pull request:

https://github.com/apache/cordova-docs/pull/684

CB-12502: (ios) Document minimum iOS version support / Xcode requirements



### Platforms affected

iOS Docs

### What does this PR do?

- Refresh Xcode screenshots
- Document minimum Xcode requirement and OS X version.
- Document opening Xcode from terminal
- Use xcworkspace instead of xcodeproj


### What testing has been done on this change?

Viewed document locally

### Checklist
- [X] [Reported an issue](http://cordova.apache.org/contribute/issues.html) 
in the JIRA database
- [X] Commit message follows the format: "CB-3232: (android) Fix bug with 
resolving file paths", where CB- is the JIRA ID & "android" is the platform 
affected.
- [X] Added automated test coverage as appropriate for this change.
- N/A


You can merge this pull request into a Git repository by running:

$ git pull https://github.com/kerrishotts/cordova-docs CB-12502

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/cordova-docs/pull/684.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #684


commit 3a03297ea23874ef8ec5a33cca2200becb50ce1e
Author: Kerri Shotts <kerrisho...@gmail.com>
Date:   2017-02-24T19:35:48Z

CB-12502: Refresh Xcode screenshots
Document minimum Xcode requirement and OS X version.
Document opening Xcode from terminal
Use xcworkspace instead of xcodeproj




---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

[GitHub] cordova-docs issue #683: 2017-02-01 committership blog post

[kerrishotts]

Github user kerrishotts commented on the issue:

https://github.com/apache/cordova-docs/pull/683
  
Love, love, love! :-)


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

[GitHub] cordova-docs issue #677: CB-12358: added tools release blog post

[kerrishotts]

Github user kerrishotts commented on the issue:

https://github.com/apache/cordova-docs/pull/677
  
LGTM


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

[GitHub] cordova-ios pull request #286: CB-12287: Remove hardcoded simulator build de...

[kerrishotts]

GitHub user kerrishotts opened a pull request:

https://github.com/apache/cordova-ios/pull/286

CB-12287: Remove hardcoded simulator build destination



### Platforms affected

iOS 4.3.1 and below

### What does this PR do?

In `cordova-ios@4.3.1` and below, the Xcode build destination when building 
for a simulator is hardcoded as "iPhone 5s". This works as long as the user has 
an iPhone 5s simulator installed, but if they remove it, the build process 
breaks.

This PR follows the same logic as `cordova emulate ios` in choosing a 
default destination, but also respects `--target` if specified. For example:

```
$ cordova emulate ios   # will currently select iPhone SE simulator 
to build against and emulate
$ cordova emulate ios --target="iPhone-7-Plus"  # will build against 
and emulate on the iPhone 7+
```

If there are no simulators available, the behavior is undefined, but Xcode 
wouldn't be able to build either.

### What testing has been done on this change?

Manual tests and `npm test`

### Checklist
- [X] [Reported an issue](http://cordova.apache.org/contribute/issues.html) 
in the JIRA database
- [X] Commit message follows the format: "CB-3232: (android) Fix bug with 
resolving file paths", where CB- is the JIRA ID & "android" is the platform 
affected.
- [X] Added automated test coverage as appropriate for this change.
- Note: a couple of tests were modified so that they could pass, but 
they don't actually test this issue. Tests covering the inner logic will come 
in a separate PR


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/kerrishotts/cordova-ios CB-12287

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/cordova-ios/pull/286.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #286


commit 3c0ba16324c0892beec1fd4c741714836cd2
Author: Kerri Shotts <ksho...@apache.org>
Date:   2017-01-10T05:29:00Z

CB-12287: Remove hardcoded simulator build destination




---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

[GitHub] cordova-plugin-wkwebview-engine issue #26: Allow XHR to file:// and allow lo...

[kerrishotts]

Github user kerrishotts commented on the issue:

https://github.com/apache/cordova-plugin-wkwebview-engine/pull/26
  
@rubenstolk: 

First, thanks for the contribution!

However, in this instance, I agree with @shazron; the fix may work, but due 
to the unsupported and undocumented nature of this, it puts all apps built with 
this engine at far too much risk (both for rejection and future failure). This 
isn't "giving up", but when Apple says 'don't do it that way', we have to 
figure something else out. You might try 
[this](https://github.com/apache/cordova-plugins/tree/master/wkwebview-engine-localhost),
 which might help in your case.

Of course, the community is free to fork the repository and add the code 
themselves. If the suggestion above doesn't work, that would be my next 
suggestion, but of course, that doesn't mean you might not get a rejection from 
Apple when submitting to the store. For Enterprise stuff that wouldn't matter, 
but the app might stop working in the future should Apple change how that 
setting works.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

[GitHub] cordova-ios issue #281: Hard link instead of soft linking

[kerrishotts]

Github user kerrishotts commented on the issue:

https://github.com/apache/cordova-ios/pull/281
  
Can you update the title so that it includes the issue number with the 
following form:

issue#: description

That way the issue tracker will get all the updates here automatically.



---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

Re: [DISCUSS] Split cordova-lib modules into their own repos

[kerrishotts]

A huge +1 from me!

Sent from my phone. 

> On Nov 22, 2016, at 19:30, Steven Gill  wrote:
> 
> Right now, cordova-lib git repo [1] has cordova-serve, cordova-common,
> cordova-fetch & cordova-lib modules. This is an anti-pattern in node. You
> can't install any of those modules via gitURL since they are all
> subdirectories.
> 
> I propose to split these modules into their own git repos. Thoughts?
> 
> [1] https://github.com/apache/cordova-lib
> [2] https://issues.apache.org/jira/browse/CB-11980

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

[GitHub] cordova-ios issue #280: CB-12155: Create automated tests for launch storyboa...

[kerrishotts]

Github user kerrishotts commented on the issue:

https://github.com/apache/cordova-ios/pull/280
  
Let there be tests... :-)


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

[GitHub] cordova-ios issue #280: CB-12155: Create automated tests for launch storyboa...

[kerrishotts]

Github user kerrishotts commented on the issue:

https://github.com/apache/cordova-ios/pull/280
  
@shazron: Thanks -- I noticed that. I've got a patch for it in CB-12084 
which I'm going to pull in first, which should clear up the existing issues. 
Then I need add a couple more tests for the changes in CB-12084. Once done, 
this should be good-to-go for 4.3.1 assuming nothing else crops up. ;-)


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

[GitHub] cordova-ios pull request #280: CB-12155: Create automated tests for launch s...

[kerrishotts]

GitHub user kerrishotts opened a pull request:

https://github.com/apache/cordova-ios/pull/280

CB-12155: Create automated tests for launch storyboard feature



### Platforms affected

- iOS

### What does this PR do?

Tests the launch storyboard feature introduced by CB-9762. 

### What testing has been done on this change?

Tests have been tested with `npm run unit-tests`

### Checklist
- [X] [Reported an issue](http://cordova.apache.org/contribute/issues.html) 
in the JIRA database
- [X] Commit message follows the format: "CB-3232: (android) Fix bug with 
resolving file paths", where CB- is the JIRA ID & "android" is the platform 
affected.
- [X] Added automated test coverage as appropriate for this change.
- Note: some tests are marked as [PENDING]; need to pull CB-12084 in 
before those can be finished


You can merge this pull request into a Git repository by running:

$ git pull https://github.com/kerrishotts/cordova-ios CB-12155

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/cordova-ios/pull/280.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #280


commit 222a76265bf28ac3a393b2c5ee1045a2669864eb
Author: Kerri Shotts <ksho...@apache.org>
Date:   2016-11-18T21:43:40Z

CB-12155: Let there be storyboard tests




---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

[GitHub] cordova-ios issue #279: CB-12084: Update project build settings & plist

[kerrishotts]

Github user kerrishotts commented on the issue:

https://github.com/apache/cordova-ios/pull/279
  
Let there be /more/ tests!


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

[GitHub] cordova-ios issue #279: CB-12084: Update project build settings & plist

[kerrishotts]

Github user kerrishotts commented on the issue:

https://github.com/apache/cordova-ios/pull/279
  
let there be tests!


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

[GitHub] cordova-ios pull request #279: CB-12084: Update project build settings & pli...

[kerrishotts]

GitHub user kerrishotts opened a pull request:

https://github.com/apache/cordova-ios/pull/279

CB-12084: Update project build settings & plist



### Platforms affected

 - iOS

### What does this PR do?

Addresses the bug discovered in CB-12084 where cleaning would corrupt the 
Xcode project. Also addresses the particular use case where the user was 
eliminating legacy launch images from the Xcode project -- this code will now 
take care of that automatically.

Here's the logic:

- If the user only specifies images for the storyboard, then the Xcode 
project should not attempt to use an asset catalog for launch images as well. 
This PR will remove that particular build property from the project 
(`ASSETCATALOG_COMPILER_LAUNCHIMAGE_NAME`)
- If the user specifies both storyboard images and legacy launch images, 
then nothing changes; build settings will continue to have 
`ASSETCATALOG_COMPILER_LAUNCHIMAGE_NAME` set to `LaunchImage`.
- If the user specifies ONLY legacy launch images, 
`ASSETCATALOG_COMPILER_LAUNCHIMAGE_NAME` is set to `LaunchImage`; this ensures 
that if the user has gone back to legacy images after having tried the 
storyboard images that the Xcode project still works as expected.

### What testing has been done on this change?

- Manual testing in each of the above scenarios
- `npm test` completed successfully with no errors (but it would as no 
tests currently trigger any of the above behavior)
- Travis CI is green.

### Checklist
- [X] [Reported an issue](http://cordova.apache.org/contribute/issues.html) 
in the JIRA database
- [X] Commit message follows the format: "CB-3232: (android) Fix bug with 
resolving file paths", where CB- is the JIRA ID & "android" is the platform 
affected.
- [X] Added automated test coverage as appropriate for this change.
- Note that automated test coverage is coming in a separate PR since 
that test coverage will test the feature as a whole (not just this change).

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/kerrishotts/cordova-ios CB-12084

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/cordova-ios/pull/279.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #279


commit 7b8d7c3ef4bb6ce9c38adef61f3632e4ba6a8f32
Author: Kerri Shotts <ksho...@apache.org>
Date:   2016-11-16T05:15:16Z

CB-12084: Update project build settings & plist

If no legacy images are provided, we should remove the launch image asset
compiler setting. If legacy images are present, we should make sure it is
present. We also need to make sure to properly delete launch storyboard 
rather
than setting to undefined.




---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

[GitHub] cordova-ios issue #276: CB-12130 - Launch storyboard images are not updated ...

[kerrishotts]

Github user kerrishotts commented on the issue:

https://github.com/apache/cordova-ios/pull/276
  
Pulled in; thanks for your contribution!


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

[GitHub] cordova-ios issue #276: CB-12130 - Launch storyboard images are not updated ...

[kerrishotts]

Github user kerrishotts commented on the issue:

https://github.com/apache/cordova-ios/pull/276
  
Awesome; thanks! :-)


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

[GitHub] cordova-ios issue #276: CB-12130 - Launch storyboard images are not updated ...

[kerrishotts]

Github user kerrishotts commented on the issue:

https://github.com/apache/cordova-ios/pull/276
  
@NielsLeenheer -- would you mind squashing these commits down to a single 
commit? I'd like to pull this in.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

[GitHub] cordova-docs issue #660: Announcement for Cordova Android 6.0 and Cordova An...

[kerrishotts]

Github user kerrishotts commented on the issue:

https://github.com/apache/cordova-docs/pull/660
  
LGTM


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

Re: [DISCUSS] Tools release!

[kerrishotts]

LGTM

Sent from my phone. 

___
Kerri Shotts

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

[GitHub] cordova-docs issue #655: CB-12054 - Cordova iOS 4.3.0 release announcement

[kerrishotts]

Github user kerrishotts commented on the issue:

https://github.com/apache/cordova-docs/pull/655
  
LGTM :)


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

[GitHub] cordova-docs issue #646: CB-11946 - Blog post for Node 0.x and 4.x deprecati...

[kerrishotts]

Github user kerrishotts commented on the issue:

https://github.com/apache/cordova-docs/pull/646
  
+1 LGTM :-)


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

[GitHub] cordova-plugin-splashscreen pull request #114: CB-11829: (iOS) Support for C...

[kerrishotts]

Github user kerrishotts commented on a diff in the pull request:


https://github.com/apache/cordova-plugin-splashscreen/pull/114#discussion_r81187425
  
--- Diff: README.md ---
@@ -51,6 +51,206 @@ Report issues with this plugin on the [Apache Cordova 
issue tracker][Apache Cord
 
 __Note__: Extended splashscreen does not require the plugin on Windows (as 
opposed to Android and iOS) in case you don't use the plugin API, i.e. 
programmatic hide/show.
 
+### iOS-specific information
+
+There are two mechanisms for displaying a launch screen on iOS:
+
+1. Legacy launch images: images are sized exactly for the device's screen 
size. Does not support the iPad Pro 12.9's native resolution or 
split-screen/slide-over multitasking.
+
+2. Launch storyboard images: Images are sized based on scale, idiom, and 
size classes. Supports all devices, and can be used with 
split-screen/slide-over multitasking.
+
+Apple is moving away from legacy launch images. There is no official 
support for providing a native-resolution launch image for the iPad pro 12.9 or 
for providing launch images that work with split-screen multitasking or 
slide-over. If your app doesn't need to support these contexts, then you can 
continue to use legacy launch images for as long as you like. 
--- End diff --

fixed; thanks for catching it! :-)


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

[GitHub] cordova-plugin-splashscreen pull request #114: CB-11829: (iOS) Support for C...

[kerrishotts]

Github user kerrishotts commented on a diff in the pull request:


https://github.com/apache/cordova-plugin-splashscreen/pull/114#discussion_r81187431
  
--- Diff: README.md ---
@@ -51,6 +51,206 @@ Report issues with this plugin on the [Apache Cordova 
issue tracker][Apache Cord
 
 __Note__: Extended splashscreen does not require the plugin on Windows (as 
opposed to Android and iOS) in case you don't use the plugin API, i.e. 
programmatic hide/show.
 
+### iOS-specific information
+
+There are two mechanisms for displaying a launch screen on iOS:
+
+1. Legacy launch images: images are sized exactly for the device's screen 
size. Does not support the iPad Pro 12.9's native resolution or 
split-screen/slide-over multitasking.
+
+2. Launch storyboard images: Images are sized based on scale, idiom, and 
size classes. Supports all devices, and can be used with 
split-screen/slide-over multitasking.
+
+Apple is moving away from legacy launch images. There is no official 
support for providing a native-resolution launch image for the iPad pro 12.9 or 
for providing launch images that work with split-screen multitasking or 
slide-over. If your app doesn't need to support these contexts, then you can 
continue to use legacy launch images for as long as you like. 
+
+The preferred method of providing launch images is to use a launch 
storyboard. For native app developers, the ideal launch storyboard is an 
unpopulated version of the app's user interface at launch. For non-native app 
developers who don't wish to learn interface builder, however, this plugin 
simulates the legacy launch image method as much as is feasible.
--- End diff --

fixed; thanks for catching it! :-)


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

[GitHub] cordova-ios pull request #260: CB-10078 fixed by refreshing cached userAgent...

[kerrishotts]

GitHub user kerrishotts opened a pull request:

https://github.com/apache/cordova-ios/pull/260

CB-10078 fixed by refreshing cached userAgent on version bump

Adds app version to the list of items that invalidates the cached user 
agent.

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/kerrishotts/cordova-ios CB-10078

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/cordova-ios/pull/260.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #260


commit 35df991ea4be247b7c04d7837e2f2e4d7509b91c
Author: Kerri Shotts <ksho...@apache.org>
Date:   2016-09-28T21:34:38Z

CB-10078 fixed by refreshing cached userAgent on version bump




---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

[GitHub] cordova-plugin-splashscreen pull request #114: CB-11829: (iOS) Support for C...

[kerrishotts]

GitHub user kerrishotts opened a pull request:

https://github.com/apache/cordova-plugin-splashscreen/pull/114

CB-11829: (iOS) Support for CB-9762; docs (CB-11830)



### Platforms affected

* iOS

### What does this PR do?

Supports launch storyboards as describe in CB-9762. Add documentation for 
the feature (no other great place to put it)

### What testing has been done on this change?

* Manual testing on devices

### Checklist
- [X] [ICLA](http://www.apache.org/licenses/icla.txt) has been signed and 
submitted to secret...@apache.org.
- [X] [Reported an issue](http://cordova.apache.org/contribute/issues.html) 
in the JIRA database
- [X] Commit message follows the format: "CB-3232: (android) Fix bug with 
resolving file paths", where CB- is the JIRA ID & "android" is the platform 
affected.
- [X] Added automated test coverage as appropriate for this change.
- No automated testing added; appearance has to be verified manually.

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/kerrishotts/cordova-plugin-splashscreen 
CB-11829

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/cordova-plugin-splashscreen/pull/114.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #114


commit f8895acb741b201a9e1110ead875988b23b95a4c
Author: Kerri Shotts <kerrisho...@gmail.com>
Date:   2016-09-22T20:17:33Z

CB-11829: (iOS) Support for CB-9762; docs (CB-11830)




---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

[GitHub] cordova-ios issue #250: CB-9762 (iOS) Add launch storyboard support

[kerrishotts]

Github user kerrishotts commented on the issue:

https://github.com/apache/cordova-ios/pull/250
  
@shazron: Thanks! Removed my last commit and waiting on CI results -- 
should all be green now with #258. :-)


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

[GitHub] cordova-plugin-statusbar issue #62: CB:-9161 Support iPad multitasking in iO...

[kerrishotts]

Github user kerrishotts commented on the issue:

https://github.com/apache/cordova-plugin-statusbar/pull/62
  
Okay; tapping the status bar works now on my iPad Pro (iOS10b8 and GM).


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

[GitHub] cordova-ios pull request #250: CB-9762 (iOS) Add launch storyboard support

[kerrishotts]

GitHub user kerrishotts opened a pull request:

https://github.com/apache/cordova-ios/pull/250

CB-9762 (iOS) Add launch storyboard support

- [X] Signed ICLA
- [X] Jira Issue: [CB-9762](https://issues.apache.org/jira/browse/CB-9762)
- [X] Tests:
- [X] Automated (npm test; all passing)  Note: no automated tests for 
this functionality, though
- [X] Manual (with and without launch storyboard images):
- iPhone 6s (iOS 10b8)
- iPad Pro (iOS 10b8)

Note: The splashscreen plugin will require updating to use the new images; 
but I think that should be a separate (but related) issue. I don't think it 
will be difficult to add though (crossing my fingers)!

Note: Documentation will need to be updated to reflect the changes in this 
PR

Note: No default splash images are provided; they would be overwritten 
anyway upon
adding the platform. I've added the images I used below:

![default 2x universal 
anyany](https://cloud.githubusercontent.com/assets/164498/18167642/545814e8-7017-11e6-8b55-8f24e412ca70.png)
![default 2x universal 
comany](https://cloud.githubusercontent.com/assets/164498/18167643/547aa1ac-7017-11e6-8334-86598ed1afd3.png)
![default 2x universal 
comcom](https://cloud.githubusercontent.com/assets/164498/18167644/547b1dda-7017-11e6-888b-ada91b8572a1.png)
![default 3x universal 
anycom](https://cloud.githubusercontent.com/assets/164498/18167645/547e5bbc-7017-11e6-9665-dff978bff0aa.png)
![default 3x universal 
comany](https://cloud.githubusercontent.com/assets/164498/18167646/54828070-7017-11e6-9bce-63de89bfd406.png)





You can merge this pull request into a Git repository by running:

$ git pull https://github.com/kerrishotts/cordova-ios CB-9762

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/cordova-ios/pull/250.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #250


commit 12eb374e93987a260dce57b5be1acbe1279a61e1
Author: Kerri Shotts <kerrisho...@gmail.com>
Date:   2016-08-24T22:49:20Z

CB-9762 Add launch storyboard support

NB: No default splash images are provided; they would be overwritten anyway 
upon
adding the platform.




---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

[GitHub] cordova-plugin-statusbar pull request #62: CB:-9161 Support iPad multitaskin...

[kerrishotts]

Github user kerrishotts commented on a diff in the pull request:


https://github.com/apache/cordova-plugin-statusbar/pull/62#discussion_r77159431
  
--- Diff: src/ios/CDVStatusBar.m ---
@@ -132,13 +132,15 @@ - (void)pluginInitialize
 
 // blank scroll view to intercept status bar taps
 self.webView.scrollView.scrollsToTop = NO;
-UIScrollView *fakeScrollView = [[UIScrollView alloc] 
initWithFrame:UIScreen.mainScreen.bounds];
+
+CGRect bounds = [self.viewController.view.window bounds];
--- End diff --

@jonathanli2: When testing this, I get a (0,0)x(0,0) frame:

(CGRect) bounds = (origin = (x = 0, y = 0), size = (width = 0, height = 
0))

... which means I can't tap the status bar.

I'm testing on iOS 10b8, iPhone 6s and iPad Pro (with and without a launch 
storyboard). 

Could you share a test project that worked for you so I can see what (if 
any) differences there are that might cause this?



---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org
For additional commands, e-mail: dev-h...@cordova.apache.org

[GitHub] cordova-plugin-file pull request: [CB- 7057] Improve File API docu...

[kerrishotts]

GitHub user kerrishotts opened a pull request:

https://github.com/apache/cordova-plugin-file/pull/59

[CB- 7057] Improve File API documentation, especially wrt to cordova.file.* 
properties

As discussed on the google groups, the documentation for the 
`cordova.file.*` properties is unclear (see post: 
https://groups.google.com/forum/#!topic/phonegap/W1ZR6WG5XwM). Revised 
documentation to make it clearer, and also added a table indicating how the 
properties relate to the file system and the various properties on each path 
(read-write, private, etc.)

Bug # is CB-7057.


You can merge this pull request into a Git repository by running:

$ git pull https://github.com/kerrishotts/cordova-plugin-file CB-7057

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/cordova-plugin-file/pull/59.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #59


commit da486e42ec3d5908f8013f9f2a6c42e7aca0a7f5
Author: Kerri Shotts kerrisho...@gmail.com
Date:   2014-07-01T01:06:37Z

Reworded description

Added note that under iOS this directory is read-only (one must use a
subdirectory like /Documents). Also indicated that the contents within
the folder are private.

commit 2575d9e714f020954fa251d733a6415a2f2f1f76
Author: Kerri Shotts kerrisho...@gmail.com
Date:   2014-07-01T01:07:31Z

Reworded description

Reworded to make it clear that the data is persistent and private and
within internal memory. Also added additional options for Android if
external memory is needed and indicated that this directory is not
synced.

commit d6b44960f640f9d2326968f5fd2795d40543d825
Author: Kerri Shotts kerrisho...@gmail.com
Date:   2014-07-01T01:09:05Z

Reworded description

Based on email from @jcesarmobile in dev group (titled More questions
on FileSystem directories)

commit 3bda96d6939f2b69380573ffbec7b958af0fce8a
Author: Kerri Shotts kerrisho...@gmail.com
Date:   2014-07-01T01:09:42Z

Reformatted as list

commit bdc14902bfc22fc86b1f790dbc8297598868c87f
Author: Kerri Shotts kerrisho...@gmail.com
Date:   2014-07-01T01:09:58Z

Added note not to rely on OS clearing

commit 9ea0c3cc74fdce67d42dbbe6c2d2022ea508483b
Author: Kerri Shotts kerrisho...@gmail.com
Date:   2014-07-01T01:11:03Z

Added file system layout information

This is useful information, especially for native developers who may
already be familiar with the file system, but also useful for marking
which directories are writeable, which ones are private/public and
which ones sync, etc.

commit 2a0f0884d063171a8099c35022ea579398c06482
Author: Kerri Shotts kerrisho...@gmail.com
Date:   2014-07-01T01:12:09Z

Formatting

commit 80b172361ba71c318041d29ecf917ce8b8bc8708
Author: Kerri Shotts kerrisho...@gmail.com
Date:   2014-07-01T01:12:32Z

Promoted heading

To match Android/iOS quirk headings

commit 1175156cecf7f5e581fa653451e0a03b737593cf
Author: Kerri Shotts kerrisho...@gmail.com
Date:   2014-07-01T01:12:41Z

Converted to table

commit 67f929bfba49e321c91eb4abd157f1a20ee0776a
Author: Kerri Shotts kerrisho...@gmail.com
Date:   2014-07-01T01:12:59Z

Added quirk

Noted that `applicationStorageDirectory` is read-only.

commit f1e18ebba1193031beb8b81f12b3a7bd59d21abd
Author: Kerri Shotts kerrisho...@gmail.com
Date:   2014-07-01T01:13:10Z

formatting




---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---