diff options
Diffstat (limited to 'plugins/cordova-plugin-whitelist')
| -rw-r--r-- | plugins/cordova-plugin-whitelist/CONTRIBUTING.md | 37 | ||||
| -rw-r--r-- | plugins/cordova-plugin-whitelist/LICENSE | 202 | ||||
| -rw-r--r-- | plugins/cordova-plugin-whitelist/NOTICE | 5 | ||||
| -rw-r--r-- | plugins/cordova-plugin-whitelist/README.md | 144 | ||||
| -rw-r--r-- | plugins/cordova-plugin-whitelist/RELEASENOTES.md | 28 | ||||
| -rw-r--r-- | plugins/cordova-plugin-whitelist/package.json | 34 | ||||
| -rw-r--r-- | plugins/cordova-plugin-whitelist/plugin.xml | 47 | ||||
| -rw-r--r-- | plugins/cordova-plugin-whitelist/src/android/WhitelistPlugin.java | 161 | ||||
| -rw-r--r-- | plugins/cordova-plugin-whitelist/src/ios/CDVNavigationWhitelistPlugin.h | 31 | ||||
| -rw-r--r-- | plugins/cordova-plugin-whitelist/src/ios/CDVNavigationWhitelistPlugin.m | 89 | ||||
| -rw-r--r-- | plugins/cordova-plugin-whitelist/whitelist.js | 27 |
11 files changed, 0 insertions, 805 deletions
diff --git a/plugins/cordova-plugin-whitelist/CONTRIBUTING.md b/plugins/cordova-plugin-whitelist/CONTRIBUTING.md deleted file mode 100644 index e4a178f5..00000000 --- a/plugins/cordova-plugin-whitelist/CONTRIBUTING.md +++ /dev/null @@ -1,37 +0,0 @@ -<!-- -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# ---> - -# Contributing to Apache Cordova - -Anyone can contribute to Cordova. And we need your contributions. - -There are multiple ways to contribute: report bugs, improve the docs, and -contribute code. - -For instructions on this, start with the -[contribution overview](http://cordova.apache.org/#contribute). - -The details are explained there, but the important items are: - - Sign and submit an Apache ICLA (Contributor License Agreement). - - Have a Jira issue open that corresponds to your contribution. - - Run the tests so your patch doesn't break existing functionality. - -We look forward to your contributions! diff --git a/plugins/cordova-plugin-whitelist/LICENSE b/plugins/cordova-plugin-whitelist/LICENSE deleted file mode 100644 index 7a4a3ea2..00000000 --- a/plugins/cordova-plugin-whitelist/LICENSE +++ /dev/null @@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License.
\ No newline at end of file diff --git a/plugins/cordova-plugin-whitelist/NOTICE b/plugins/cordova-plugin-whitelist/NOTICE deleted file mode 100644 index 8ec56a52..00000000 --- a/plugins/cordova-plugin-whitelist/NOTICE +++ /dev/null @@ -1,5 +0,0 @@ -Apache Cordova -Copyright 2012 The Apache Software Foundation - -This product includes software developed at -The Apache Software Foundation (http://www.apache.org/). diff --git a/plugins/cordova-plugin-whitelist/README.md b/plugins/cordova-plugin-whitelist/README.md deleted file mode 100644 index def10044..00000000 --- a/plugins/cordova-plugin-whitelist/README.md +++ /dev/null @@ -1,144 +0,0 @@ -<!--- - license: Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. ---> - -# cordova-plugin-whitelist - -This plugin implements a whitelist policy for navigating the application webview on Cordova 4.0 - -## Supported Cordova Platforms - -* Android 4.0.0 or above -* iOS 4.0.0 or above - -## Navigation Whitelist -Controls which URLs the WebView itself can be navigated to. Applies to -top-level navigations only. - -Quirks: on Android it also applies to iframes for non-http(s) schemes. - -By default, navigations only to `file://` URLs, are allowed. To allow other -other URLs, you must add `<allow-navigation>` tags to your `config.xml`: - - <!-- Allow links to example.com --> - <allow-navigation href="http://example.com/*" /> - - <!-- Wildcards are allowed for the protocol, as a prefix - to the host, or as a suffix to the path --> - <allow-havigation href="*://*.example.com/*" /> - - <!-- A wildcard can be used to whitelist the entire network, - over HTTP and HTTPS. - *NOT RECOMMENDED* --> - <allow-navigation href="*" /> - - <!-- The above is equivalent to these three declarations --> - <allow-navigation href="http://*/*" /> - <allow-navigation href="https://*/*" /> - <allow-navigation href="data:*" /> - -## Intent Whitelist -Controls which URLs the app is allowed to ask the system to open. -By default, no external URLs are allowed. - -On Android, this equates to sending an intent of type BROWSEABLE. - -This whitelist does not apply to plugins, only hyperlinks and calls to `window.open()`. - -In `config.xml`, add `<allow-intent>` tags, like this: - - <!-- Allow links to web pages to open in a browser --> - <allow-intent href="http://*/*" /> - <allow-intent href="https://*/*" /> - - <!-- Allow links to example.com to open in a browser --> - <allow-intent href="http://example.com/*" /> - - <!-- Wildcards are allowed for the protocol, as a prefix - to the host, or as a suffix to the path --> - <allow-intent href="*://*.example.com/*" /> - - <!-- Allow SMS links to open messaging app --> - <allow-intent href="sms:*" /> - - <!-- Allow tel: links to open the dialer --> - <allow-intent href="tel:*" /> - - <!-- Allow geo: links to open maps --> - <allow-intent href="geo:*" /> - - <!-- Allow all unrecognized URLs to open installed apps - *NOT RECOMMENDED* --> - <allow-intent href="*" /> - -## Network Request Whitelist -Controls which network requests (images, XHRs, etc) are allowed to be made (via cordova native hooks). - -Note: We suggest you use a Content Security Policy (see below), which is more secure. This whitelist is mostly historical for webviews which do not support CSP. - -In `config.xml`, add `<access>` tags, like this: - - <!-- Allow images, xhrs, etc. to google.com --> - <access origin="http://google.com" /> - <access origin="https://google.com" /> - - <!-- Access to the subdomain maps.google.com --> - <access origin="http://maps.google.com" /> - - <!-- Access to all the subdomains on google.com --> - <access origin="http://*.google.com" /> - - <!-- Enable requests to content: URLs --> - <access origin="content:///*" /> - - <!-- Don't block any requests --> - <access origin="*" /> - -Without any `<access>` tags, only requests to `file://` URLs are allowed. However, the default Cordova application includes `<access origin="*">` by default. - -Quirk: Android also allows requests to https://ssl.gstatic.com/accessibility/javascript/android/ by default, since this is required for TalkBack to function properly. - -### Content Security Policy -Controls which network requests (images, XHRs, etc) are allowed to be made (via webview directly). - -On Android and iOS, the network request whitelist (see above) is not able to filter all types of requests (e.g. `<video>` & WebSockets are not blocked). So, in addition to the whitelist, you should use a [Content Security Policy](http://content-security-policy.com/) `<meta>` tag on all of your pages. - -On Android, support for CSP within the system webview starts with KitKat (but is available on all versions using Crosswalk WebView). - -Here are some example CSP declarations for your `.html` pages: - - <!-- Good default declaration: - * gap: is required only on iOS (when using UIWebView) and is needed for JS->native communication - * https://ssl.gstatic.com is required only on Android and is needed for TalkBack to function properly - * Disables use of eval() and inline scripts in order to mitigate risk of XSS vulnerabilities. To change this: - * Enable inline JS: add 'unsafe-inline' to default-src - * Enable eval(): add 'unsafe-eval' to default-src - --> - <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com; style-src 'self' 'unsafe-inline'; media-src *"> - - <!-- Allow requests to foo.com --> - <meta http-equiv="Content-Security-Policy" content="default-src 'self' foo.com"> - - <!-- Enable all requests, inline styles, and eval() --> - <meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src: 'self' 'unsafe-inline' 'unsafe-eval'"> - - <!-- Allow XHRs via https only --> - <meta http-equiv="Content-Security-Policy" content="default-src 'self' https:"> - - <!-- Allow iframe to https://cordova.apache.org/ --> - <meta http-equiv="Content-Security-Policy" content="default-src 'self'; frame-src 'self' https://cordova.apache.org"> diff --git a/plugins/cordova-plugin-whitelist/RELEASENOTES.md b/plugins/cordova-plugin-whitelist/RELEASENOTES.md deleted file mode 100644 index 703552ca..00000000 --- a/plugins/cordova-plugin-whitelist/RELEASENOTES.md +++ /dev/null @@ -1,28 +0,0 @@ -<!-- -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# ---> -# Release Notes - -### 1.0.0 (Mar 25, 2015) -* CB-8739 added missing license headers -* Add @Override to CustomConfigXmlParser methods -* Change ID to cordova-plugin-whitelist rather than reverse-DNS-style -* Tweak CSP examples in README -* CB-8660 remove extra commas from package.json diff --git a/plugins/cordova-plugin-whitelist/package.json b/plugins/cordova-plugin-whitelist/package.json deleted file mode 100644 index 2c72e256..00000000 --- a/plugins/cordova-plugin-whitelist/package.json +++ /dev/null @@ -1,34 +0,0 @@ -{ - "name": "cordova-plugin-whitelist", - "version": "1.0.0", - "description": "Cordova Whitelist Plugin", - "cordova": { - "platforms": [ - "android", - "ios" - ] - }, - "repository": { - "type": "git", - "url": "https://git-wip-us.apache.org/repos/asf/cordova-plugin-whitelist.git" - }, - "keywords": [ - "cordova", - "whitelist", - "ecosystem:cordova", - "cordova-android", - "cordova-ios" - ], - "engines": [ - { - "name": "cordova-android", - "version": ">=4.0.0-dev" - }, - { - "name": "cordova-ios", - "version": ">=4.0.0-dev" - } - ], - "author": "Apache Software Foundation", - "license": "Apache 2.0" -} diff --git a/plugins/cordova-plugin-whitelist/plugin.xml b/plugins/cordova-plugin-whitelist/plugin.xml deleted file mode 100644 index 2ec60b3c..00000000 --- a/plugins/cordova-plugin-whitelist/plugin.xml +++ /dev/null @@ -1,47 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. ---> - -<plugin xmlns="http://apache.org/cordova/ns/plugins/1.0" - id="cordova-plugin-whitelist" - version="1.0.0"> - <name>Whitelist</name> - <description>Cordova Network Whitelist Plugin</description> - <license>Apache 2.0</license> - <keywords>cordova,whitelist,policy</keywords> - - <engines> - <engine name="cordova-android" version=">=4.0.0-dev" /> - </engines> - - <platform name="android"> - <config-file target="res/xml/config.xml" parent="/*"> - <feature name="Whitelist" > - <param name="android-package" value="org.apache.cordova.whitelist.WhitelistPlugin"/> - <param name="onload" value="true" /> - </feature> - </config-file> - - <source-file src="src/android/WhitelistPlugin.java" target-dir="src/org/apache/cordova/whitelist" /> - - <js-module src="whitelist.js" name="whitelist"> - <runs /> - </js-module> - </platform> -</plugin> diff --git a/plugins/cordova-plugin-whitelist/src/android/WhitelistPlugin.java b/plugins/cordova-plugin-whitelist/src/android/WhitelistPlugin.java deleted file mode 100644 index 4e4f57e1..00000000 --- a/plugins/cordova-plugin-whitelist/src/android/WhitelistPlugin.java +++ /dev/null @@ -1,161 +0,0 @@ -/* - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. -*/ - -package org.apache.cordova.whitelist; - -import org.apache.cordova.CordovaPlugin; -import org.apache.cordova.ConfigXmlParser; -import org.apache.cordova.Whitelist; -import org.xmlpull.v1.XmlPullParser; - -import android.content.Context; -import android.util.Log; - -public class WhitelistPlugin extends CordovaPlugin { - private static final String LOG_TAG = "WhitelistPlugin"; - private Whitelist allowedNavigations; - private Whitelist allowedIntents; - private Whitelist allowedRequests; - - // Used when instantiated via reflection by PluginManager - public WhitelistPlugin() { - } - // These can be used by embedders to allow Java-configuration of whitelists. - public WhitelistPlugin(Context context) { - this(new Whitelist(), new Whitelist(), null); - new CustomConfigXmlParser().parse(context); - } - public WhitelistPlugin(XmlPullParser xmlParser) { - this(new Whitelist(), new Whitelist(), null); - new CustomConfigXmlParser().parse(xmlParser); - } - public WhitelistPlugin(Whitelist allowedNavigations, Whitelist allowedIntents, Whitelist allowedRequests) { - if (allowedRequests == null) { - allowedRequests = new Whitelist(); - allowedRequests.addWhiteListEntry("file:///*", false); - allowedRequests.addWhiteListEntry("data:*", false); - } - this.allowedNavigations = allowedNavigations; - this.allowedIntents = allowedIntents; - this.allowedRequests = allowedRequests; - } - @Override - public void pluginInitialize() { - if (allowedNavigations == null) { - allowedNavigations = new Whitelist(); - allowedIntents = new Whitelist(); - allowedRequests = new Whitelist(); - new CustomConfigXmlParser().parse(webView.getContext()); - } - } - - private class CustomConfigXmlParser extends ConfigXmlParser { - @Override - public void handleStartTag(XmlPullParser xml) { - String strNode = xml.getName(); - if (strNode.equals("content")) { - String startPage = xml.getAttributeValue(null, "src"); - allowedNavigations.addWhiteListEntry(startPage, false); - } else if (strNode.equals("allow-navigation")) { - String origin = xml.getAttributeValue(null, "href"); - if ("*".equals(origin)) { - allowedNavigations.addWhiteListEntry("http://*/*", false); - allowedNavigations.addWhiteListEntry("https://*/*", false); - allowedNavigations.addWhiteListEntry("data:*", false); - } else { - allowedNavigations.addWhiteListEntry(origin, false); - } - } else if (strNode.equals("allow-intent")) { - String origin = xml.getAttributeValue(null, "href"); - allowedIntents.addWhiteListEntry(origin, false); - } else if (strNode.equals("access")) { - String origin = xml.getAttributeValue(null, "origin"); - String subdomains = xml.getAttributeValue(null, "subdomains"); - boolean external = (xml.getAttributeValue(null, "launch-external") != null); - if (origin != null) { - if (external) { - Log.w(LOG_TAG, "Found <access launch-external> within config.xml. Please use <allow-intent> instead."); - allowedIntents.addWhiteListEntry(origin, (subdomains != null) && (subdomains.compareToIgnoreCase("true") == 0)); - } else { - if ("*".equals(origin)) { - allowedRequests.addWhiteListEntry("http://*/*", false); - allowedRequests.addWhiteListEntry("https://*/*", false); - } else { - allowedRequests.addWhiteListEntry(origin, (subdomains != null) && (subdomains.compareToIgnoreCase("true") == 0)); - } - } - } - } - } - @Override - public void handleEndTag(XmlPullParser xml) { - } - } - - @Override - public Boolean shouldAllowNavigation(String url) { - if (allowedNavigations.isUrlWhiteListed(url)) { - return true; - } - return null; // Default policy - } - - @Override - public Boolean shouldAllowRequest(String url) { - if (Boolean.TRUE == shouldAllowNavigation(url)) { - return true; - } - if (allowedRequests.isUrlWhiteListed(url)) { - return true; - } - return null; // Default policy - } - - @Override - public Boolean shouldOpenExternalUrl(String url) { - if (allowedIntents.isUrlWhiteListed(url)) { - return true; - } - return null; // Default policy - } - - public Whitelist getAllowedNavigations() { - return allowedNavigations; - } - - public void setAllowedNavigations(Whitelist allowedNavigations) { - this.allowedNavigations = allowedNavigations; - } - - public Whitelist getAllowedIntents() { - return allowedIntents; - } - - public void setAllowedIntents(Whitelist allowedIntents) { - this.allowedIntents = allowedIntents; - } - - public Whitelist getAllowedRequests() { - return allowedRequests; - } - - public void setAllowedRequests(Whitelist allowedRequests) { - this.allowedRequests = allowedRequests; - } -} diff --git a/plugins/cordova-plugin-whitelist/src/ios/CDVNavigationWhitelistPlugin.h b/plugins/cordova-plugin-whitelist/src/ios/CDVNavigationWhitelistPlugin.h deleted file mode 100644 index d0b93654..00000000 --- a/plugins/cordova-plugin-whitelist/src/ios/CDVNavigationWhitelistPlugin.h +++ /dev/null @@ -1,31 +0,0 @@ -/* - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. - */ - -#import <UIKit/UIKit.h> -#import <Cordova/CDVPlugin.h> -#import <Cordova/CDVWhitelist.h> - -@interface CDVNavigationWhitelistPlugin : CDVPlugin {} - -@property (nonatomic, readonly, strong) CDVWhitelist* whitelist; // readonly for public - -- (BOOL)shouldAllowNavigationToURL:(NSURL *)url; -- (BOOL)shouldAllowRequestForURL:(NSURL *)url; - -@end diff --git a/plugins/cordova-plugin-whitelist/src/ios/CDVNavigationWhitelistPlugin.m b/plugins/cordova-plugin-whitelist/src/ios/CDVNavigationWhitelistPlugin.m deleted file mode 100644 index 5895e89b..00000000 --- a/plugins/cordova-plugin-whitelist/src/ios/CDVNavigationWhitelistPlugin.m +++ /dev/null @@ -1,89 +0,0 @@ -/* - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. - */ - -#import "CDVNavigationWhitelistPlugin.h" -#import <Cordova/CDVViewController.h> - -#pragma mark CDVNavigationWhitelistConfigParser - -@interface CDVNavigationWhitelistConfigParser : NSObject <NSXMLParserDelegate> {} - -@property (nonatomic, strong) NSMutableArray* whitelistHosts; - -@end - -@implementation CDVNavigationWhitelistConfigParser - -@synthesize whitelistHosts; - -- (id)init -{ - self = [super init]; - if (self != nil) { - self.whitelistHosts = [[NSMutableArray alloc] initWithCapacity:30]; - [self.whitelistHosts addObject:@"file:///*"]; - [self.whitelistHosts addObject:@"content:///*"]; - [self.whitelistHosts addObject:@"data:///*"]; - } - return self; -} - -- (void)parser:(NSXMLParser*)parser didStartElement:(NSString*)elementName namespaceURI:(NSString*)namespaceURI qualifiedName:(NSString*)qualifiedName attributes:(NSDictionary*)attributeDict -{ - if ([elementName isEqualToString:@"allow-navigation"]) { - [whitelistHosts addObject:attributeDict[@"href"]]; - } -} - -- (void)parser:(NSXMLParser*)parser didEndElement:(NSString*)elementName namespaceURI:(NSString*)namespaceURI qualifiedName:(NSString*)qualifiedName -{ -} - -- (void)parser:(NSXMLParser*)parser parseErrorOccurred:(NSError*)parseError -{ - NSAssert(NO, @"config.xml parse error line %ld col %ld", (long)[parser lineNumber], (long)[parser columnNumber]); -} - - -@end - -#pragma mark CDVNavigationWhitelistPlugin - -@interface CDVNavigationWhitelistPlugin () {} -@property (nonatomic, strong) CDVWhitelist* whitelist; -@end - -@implementation CDVNavigationWhitelistPlugin - -@synthesize whitelist; - -- (void)setViewController:(UIViewController *)viewController -{ - if ([viewController isKindOfClass:[CDVViewController class]]) { - CDVWhitelistConfigParser *whitelistConfigParser = [[CDVWhitelistConfigParser alloc] init]; - [(CDVViewController *)viewController parseSettingsWithParser:whitelistConfigParser]; - self.whitelist = [[CDVWhitelist alloc] initWithArray:whitelistConfigParser.whitelistHosts]; - } -} - -- (BOOL)shouldAllowNavigationToURL:(NSURL *)url -{ - return [self.whitelist URLIsAllowed:url]; -} -@end diff --git a/plugins/cordova-plugin-whitelist/whitelist.js b/plugins/cordova-plugin-whitelist/whitelist.js deleted file mode 100644 index 74d7a99d..00000000 --- a/plugins/cordova-plugin-whitelist/whitelist.js +++ /dev/null @@ -1,27 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - * -*/ - -if (!document.querySelector('meta[http-equiv=Content-Security-Policy]')) { - var msg = 'No Content-Security-Policy meta tag found. Please add one when using the cordova-plugin-whitelist plugin.'; - console.error(msg); - setInterval(function() { - console.warn(msg); - }, 10000); -} |