Apache Cordova
  1. Apache Cordova
  2. CB-5988

Allow the Android exec() to be used only by <content>'s domain

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Android
    • Labels:
      None

      Description

      Discussion: http://markmail.org/thread/yohym3xqomjp4a64

      Add a random number to exec() to increase its security.

      Use the domain of the <content> tag as the only one the native side will provide a token to. Both Android and iOS can know the URL of the main frame, and choose not to provide a token if the domain doesn't match that of content (with file:/// always being allowed).

        Activity

        Hide
        ASF subversion and git services added a comment -

        Commit aab47bd4532bfe8707d745638eb5695ac543c681 in cordova-android's branch refs/heads/master from Andrew Grieve
        [ https://git-wip-us.apache.org/repos/asf?p=cordova-android.git;h=aab47bd ]

        CB-5988 Allow exec() only from file: or start-up URL's domain

        Uses prompt() to validate the origin of the calling JS.
        This change also simplifies the start-up logic by explicitly disabling
        the bridge during page transitions and explictly enabling it when the
        JS asks for the bridgeSecret.

        We now wait to fire onNativeReady in JS until the bridge is initialized.
        It is therefore safe to delete the queue-clear/new exec race condition
        code that was in PluginManager.

        Show
        ASF subversion and git services added a comment - Commit aab47bd4532bfe8707d745638eb5695ac543c681 in cordova-android's branch refs/heads/master from Andrew Grieve [ https://git-wip-us.apache.org/repos/asf?p=cordova-android.git;h=aab47bd ] CB-5988 Allow exec() only from file: or start-up URL's domain Uses prompt() to validate the origin of the calling JS. This change also simplifies the start-up logic by explicitly disabling the bridge during page transitions and explictly enabling it when the JS asks for the bridgeSecret. We now wait to fire onNativeReady in JS until the bridge is initialized. It is therefore safe to delete the queue-clear/new exec race condition code that was in PluginManager.
        Hide
        ASF subversion and git services added a comment -

        Commit 558e8d55db0699da095f1973de71dcf97a6184d9 in cordova-js's branch refs/heads/master from Andrew Grieve
        [ https://git-wip-us.apache.org/repos/asf?p=cordova-js.git;h=558e8d5 ]

        CB-5988 android: Allow exec() only from file: or start-up URL's domain

        Native side of change:
        http://git-wip-us.apache.org/repos/asf/cordova-android/commit/aab47bd4

        Show
        ASF subversion and git services added a comment - Commit 558e8d55db0699da095f1973de71dcf97a6184d9 in cordova-js's branch refs/heads/master from Andrew Grieve [ https://git-wip-us.apache.org/repos/asf?p=cordova-js.git;h=558e8d5 ] CB-5988 android: Allow exec() only from file: or start-up URL's domain Native side of change: http://git-wip-us.apache.org/repos/asf/cordova-android/commit/aab47bd4
        Hide
        ASF subversion and git services added a comment -

        Commit e2ddbd366fcf7404775669add3c7806bd8ac89e9 in cordova-mobile-spec's branch refs/heads/master from Andrew Grieve
        [ https://git-wip-us.apache.org/repos/asf?p=cordova-mobile-spec.git;h=e2ddbd3 ]

        CB-5988 Add unit test for android bridge being blocked for data: URLs

        Show
        ASF subversion and git services added a comment - Commit e2ddbd366fcf7404775669add3c7806bd8ac89e9 in cordova-mobile-spec's branch refs/heads/master from Andrew Grieve [ https://git-wip-us.apache.org/repos/asf?p=cordova-mobile-spec.git;h=e2ddbd3 ] CB-5988 Add unit test for android bridge being blocked for data: URLs
        Hide
        Andrew Grieve added a comment -

        Fixed in 3.6.0-dev (might go out as 3.5.1)

        Show
        Andrew Grieve added a comment - Fixed in 3.6.0-dev (might go out as 3.5.1)
        Hide
        ASF subversion and git services added a comment -

        Commit aab47bd4532bfe8707d745638eb5695ac543c681 in cordova-android's branch refs/heads/4.0.x from Andrew Grieve
        [ https://git-wip-us.apache.org/repos/asf?p=cordova-android.git;h=aab47bd ]

        CB-5988 Allow exec() only from file: or start-up URL's domain

        Uses prompt() to validate the origin of the calling JS.
        This change also simplifies the start-up logic by explicitly disabling
        the bridge during page transitions and explictly enabling it when the
        JS asks for the bridgeSecret.

        We now wait to fire onNativeReady in JS until the bridge is initialized.
        It is therefore safe to delete the queue-clear/new exec race condition
        code that was in PluginManager.

        Show
        ASF subversion and git services added a comment - Commit aab47bd4532bfe8707d745638eb5695ac543c681 in cordova-android's branch refs/heads/4.0.x from Andrew Grieve [ https://git-wip-us.apache.org/repos/asf?p=cordova-android.git;h=aab47bd ] CB-5988 Allow exec() only from file: or start-up URL's domain Uses prompt() to validate the origin of the calling JS. This change also simplifies the start-up logic by explicitly disabling the bridge during page transitions and explictly enabling it when the JS asks for the bridgeSecret. We now wait to fire onNativeReady in JS until the bridge is initialized. It is therefore safe to delete the queue-clear/new exec race condition code that was in PluginManager.

          People

          • Assignee:
            Andrew Grieve
            Reporter:
            Andrew Grieve
          • Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development