breautek commented on issue #871: Method isUrlWhiteListed use unsafe function causes url whitelist to bypass URL: https://github.com/apache/cordova-android/issues/871#issuecomment-613210023 @zxhubo I am unable to reproduce this. I've tried variety of url combinations including what you have posted. I've tested on a 7.1.1 android emulator. I even changed the compile/target sdk down lower to those earlier API levels. Those specially crafted URLs doesn't appear to break `android.net.Uri` for me. I even breakpoint and witness the parsing of the URL being parsed correctly. I'm wondering if you can supply a demonstration app for me. PS. For any future security-related issues, you should report the vulnerability privately, via https://www.apache.org/security/
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cordova.apache.org For additional commands, e-mail: commits-h...@cordova.apache.org