14 files changed, 1234 insertions, 27 deletions
diff --git a/plugins/cordova-plugin-whitelist/README.md b/plugins/cordova-plugin-whitelist/README.md
index def10044..f641b450 100644
--- a/plugins/cordova-plugin-whitelist/README.md
+++ b/plugins/cordova-plugin-whitelist/README.md
@@ -1,20 +1,20 @@
-<!---
- license: Licensed to the Apache Software Foundation (ASF) under one
-         or more contributor license agreements.  See the NOTICE file
-         distributed with this work for additional information
-         regarding copyright ownership.  The ASF licenses this file
-         to you under the Apache License, Version 2.0 (the
-         "License"); you may not use this file except in compliance
-         with the License.  You may obtain a copy of the License at
-
-           http://www.apache.org/licenses/LICENSE-2.0
-
-         Unless required by applicable law or agreed to in writing,
-         software distributed under the License is distributed on an
-         "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-         KIND, either express or implied.  See the License for the
-         specific language governing permissions and limitations
-         under the License.
+<!--
+# license: Licensed to the Apache Software Foundation (ASF) under one
+#         or more contributor license agreements.  See the NOTICE file
+#         distributed with this work for additional information
+#         regarding copyright ownership.  The ASF licenses this file
+#         to you under the Apache License, Version 2.0 (the
+#         "License"); you may not use this file except in compliance
+#         with the License.  You may obtain a copy of the License at
+#
+#           http://www.apache.org/licenses/LICENSE-2.0
+#
+#         Unless required by applicable law or agreed to in writing,
+#         software distributed under the License is distributed on an
+#         "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+#         KIND, either express or implied.  See the License for the
+#         specific language governing permissions and limitations
+#         under the License.
 -->
 
 # cordova-plugin-whitelist
@@ -40,7 +40,7 @@ other URLs, you must add `<allow-navigation>` tags to your `config.xml`:
 
     <!-- Wildcards are allowed for the protocol, as a prefix
          to the host, or as a suffix to the path -->
-    <allow-havigation href="*://*.example.com/*" />
+    <allow-navigation href="*://*.example.com/*" />
 
     <!-- A wildcard can be used to whitelist the entire network,
          over HTTP and HTTPS.
@@ -135,7 +135,7 @@ Here are some example CSP declarations for your `.html` pages:
     <meta http-equiv="Content-Security-Policy" content="default-src 'self' foo.com">
 
     <!-- Enable all requests, inline styles, and eval() -->
-    <meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src: 'self' 'unsafe-inline' 'unsafe-eval'">
+    <meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
 
     <!-- Allow XHRs via https only -->
     <meta http-equiv="Content-Security-Policy" content="default-src 'self' https:">
diff --git a/plugins/cordova-plugin-whitelist/RELEASENOTES.md b/plugins/cordova-plugin-whitelist/RELEASENOTES.md
index 703552ca..2fb24dce 100644
--- a/plugins/cordova-plugin-whitelist/RELEASENOTES.md
+++ b/plugins/cordova-plugin-whitelist/RELEASENOTES.md
@@ -26,3 +26,11 @@
 * Change ID to cordova-plugin-whitelist rather than reverse-DNS-style
 * Tweak CSP examples in README
 * CB-8660 remove extra commas from package.json
+
+### 1.1.0 (Jun 17, 2015)
+* CB-9128 cordova-plugin-whitelist documentation translation: cordova-plugin-whitelist
+* fix npm md issue
+* Usage of CDVURLRequestFilter protocol.
+* CB-9089 - iOS whitelist plugin does not compile
+* CB-9090 - Enable whitelist plugin for cordova-ios 4.0.0
+* Fixed error in Content-Security-Policy example
diff --git a/plugins/cordova-plugin-whitelist/doc/de/README.md b/plugins/cordova-plugin-whitelist/doc/de/README.md
new file mode 100644
index 00000000..e97eaa63
--- /dev/null
+++ b/plugins/cordova-plugin-whitelist/doc/de/README.md
@@ -0,0 +1,148 @@
+<!--
+# license: Licensed to the Apache Software Foundation (ASF) under one
+#         or more contributor license agreements.  See the NOTICE file
+#         distributed with this work for additional information
+#         regarding copyright ownership.  The ASF licenses this file
+#         to you under the Apache License, Version 2.0 (the
+#         "License"); you may not use this file except in compliance
+#         with the License.  You may obtain a copy of the License at
+#
+#           http://www.apache.org/licenses/LICENSE-2.0
+#
+#         Unless required by applicable law or agreed to in writing,
+#         software distributed under the License is distributed on an
+#         "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+#         KIND, either express or implied.  See the License for the
+#         specific language governing permissions and limitations
+#         under the License.
+-->
+
+# cordova-plugin-whitelist
+
+Dieses Plugin implementiert eine Whitelist-Politik für die Navigation in der Anwendung Webview Cordova 4.0
+
+## Cordova unterstützte Plattformen
+
+  * Android 4.0.0 oder höher
+  * iOS 4.0.0 oder höher
+
+## Navigation-Whitelist
+
+Steuert, welche URLs die WebView selbst zu navigiert werden kann. Bezieht sich auf der obersten Ebene Navigationen nur.
+
+Macken: auf Android es gilt auch für Iframes für nicht-http(s) Systeme.
+
+In der Standardeinstellung Navigationen nur auf `file://` URLs, sind zulässig. Wenn andere andere URLs zulassen möchten, müssen Sie Ihre `"config.xml"` `<allow-navigation>` Markierungen hinzufügen:
+
+    <!-- Allow links to example.com -->
+    <allow-navigation href="http://example.com/*" />
+    
+    <!-- Wildcards are allowed for the protocol, as a prefix
+         to the host, or as a suffix to the path -->
+    <allow-navigation href="*://*.example.com/*" />
+    
+    <!-- A wildcard can be used to whitelist the entire network,
+         over HTTP and HTTPS.
+         *NOT RECOMMENDED* -->
+    <allow-navigation href="*" />
+    
+    <!-- The above is equivalent to these three declarations -->
+    <allow-navigation href="http://*/*" />
+    <allow-navigation href="https://*/*" />
+    <allow-navigation href="data:*" />
+    
+
+## Vorsatz-Whitelist
+
+Steuert, welche URLs die app zulässig ist, um das System zu öffnen Fragen. Standardmäßig dürfen keine externe URLs.
+
+Das entspricht auf Android eine Absicht des Typs BROWSEABLE senden.
+
+Diese Whitelist gilt nicht für Plugins, nur Hyperlinks und Aufrufe von `window.open()`.
+
+Fügen Sie in `"config.xml"` `<allow-intent>` Tags hinzu, wie folgt:
+
+    <!-- Allow links to web pages to open in a browser -->
+    <allow-intent href="http://*/*" />
+    <allow-intent href="https://*/*" />
+    
+    <!-- Allow links to example.com to open in a browser -->
+    <allow-intent href="http://example.com/*" />
+    
+    <!-- Wildcards are allowed for the protocol, as a prefix
+         to the host, or as a suffix to the path -->
+    <allow-intent href="*://*.example.com/*" />
+    
+    <!-- Allow SMS links to open messaging app -->
+    <allow-intent href="sms:*" />
+    
+    <!-- Allow tel: links to open the dialer -->
+    <allow-intent href="tel:*" />
+    
+    <!-- Allow geo: links to open maps -->
+    <allow-intent href="geo:*" />
+    
+    <!-- Allow all unrecognized URLs to open installed apps
+         *NOT RECOMMENDED* -->
+    <allow-intent href="*" />
+    
+
+## Netzwerk-Anforderung-Whitelist
+
+Steuert, welche-Anforderungen Netzwerk (Bilder, XHRs, etc.) dürfen (über Cordova native Haken) erfolgen.
+
+Hinweis: Wir empfehlen Ihnen eine Content Security Policy (siehe unten), das ist sicherer. Diese Whitelist ist vor allem historisch für Webansichten für die CSP nicht unterstützen.
+
+Fügen Sie in `"config.xml"` `<access>` Tags hinzu, wie folgt:
+
+    <!-- Allow images, xhrs, etc. to google.com -->
+    <access origin="http://google.com" />
+    <access origin="https://google.com" />
+    
+    <!-- Access to the subdomain maps.google.com -->
+    <access origin="http://maps.google.com" />
+    
+    <!-- Access to all the subdomains on google.com -->
+    <access origin="http://*.google.com" />
+    
+    <!-- Enable requests to content: URLs -->
+    <access origin="content:///*" />
+    
+    <!-- Don't block any requests -->
+    <access origin="*" />
+    
+
+Ohne `<access>` -Tags dürfen nur Anforderungen an `file://` URLs. Enthält jedoch die Standardanwendung Cordova `<access origin="*">` standardmäßig.
+
+Eigenart: Android kann auch Anforderungen an https://ssl.gstatic.com/accessibility/javascript/android/ standardmäßig, da dies für TalkBack ordnungsgemäß erforderlich ist.
+
+### Content-Security-Policy
+
+Steuert, welche-Anforderungen Netzwerk (Bilder, XHRs, etc.) dürfen (über Webview direkt) erfolgen.
+
+Auf Android und iOS ist die Netzwerk Anfrage Whitelist (s.o.) nicht in der Lage, alle Arten von Anfragen (z.B. `< video >` & WebSockets nicht blockiert) filtern. Also, sollten Sie neben der Whitelist, [Content Security Policy](http://content-security-policy.com/) `< Meta >` -Tags auf allen Ihren Seiten verwenden.
+
+Auf Android Unterstützung für CSP innerhalb der System-Webview beginnt mit KitKat (aber ist in allen Versionen mit Crosswalk WebView verfügbar).
+
+Hier sind einige Beispiel-CSP-Deklarationen für Ihre `HTML` -Seiten:
+
+    <!-- Good default declaration:
+        * gap: is required only on iOS (when using UIWebView) and is needed for JS->native communication
+        * https://ssl.gstatic.com is required only on Android and is needed for TalkBack to function properly
+        * Disables use of eval() and inline scripts in order to mitigate risk of XSS vulnerabilities. To change this:
+            * Enable inline JS: add 'unsafe-inline' to default-src
+            * Enable eval(): add 'unsafe-eval' to default-src
+    -->
+    <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com; style-src 'self' 'unsafe-inline'; media-src *">
+    
+    <!-- Allow requests to foo.com -->
+    <meta http-equiv="Content-Security-Policy" content="default-src 'self' foo.com">
+    
+    <!-- Enable all requests, inline styles, and eval() -->
+    <meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
+    
+    <!-- Allow XHRs via https only -->
+    <meta http-equiv="Content-Security-Policy" content="default-src 'self' https:">
+    
+    <!-- Allow iframe to https://cordova.apache.org/ -->
+    <meta http-equiv="Content-Security-Policy" content="default-src 'self'; frame-src 'self' https://cordova.apache.org">
+\ No newline at end of file
diff --git a/plugins/cordova-plugin-whitelist/doc/es/README.md b/plugins/cordova-plugin-whitelist/doc/es/README.md
new file mode 100644
index 00000000..b3e46849
--- /dev/null
+++ b/plugins/cordova-plugin-whitelist/doc/es/README.md
@@ -0,0 +1,148 @@
+<!--
+# license: Licensed to the Apache Software Foundation (ASF) under one
+#         or more contributor license agreements.  See the NOTICE file
+#         distributed with this work for additional information
+#         regarding copyright ownership.  The ASF licenses this file
+#         to you under the Apache License, Version 2.0 (the
+#         "License"); you may not use this file except in compliance
+#         with the License.  You may obtain a copy of the License at
+#
+#           http://www.apache.org/licenses/LICENSE-2.0
+#
+#         Unless required by applicable law or agreed to in writing,
+#         software distributed under the License is distributed on an
+#         "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+#         KIND, either express or implied.  See the License for the
+#         specific language governing permissions and limitations
+#         under the License.
+-->
+
+# cordova-plugin-whitelist
+
+Este plugin implementa una política de lista blanca para navegar la aplicación webview en Cordova 4.0
+
+## Plataformas soportadas Cordova
+
+  * Android 4.0 o superior
+  * iOS 4.0.0 o superior
+
+## Lista blanca de navegación
+
+Controla que las URLs del WebView se puede navegar a. Se aplica a nivel superior navegaciones solo.
+
+Peculiaridades: en Android también se aplica a iframes para esquemas que son de http (s).
+
+Por defecto, navegaciones solo a direcciones URL `file://` , son permitidas. Para permitir que otros otras URL, debe agregar `< allow-navegación >` etiquetas en el `archivo config.xml`:
+
+    <!-- Allow links to example.com -->
+    <allow-navigation href="http://example.com/*" />
+    
+    <!-- Wildcards are allowed for the protocol, as a prefix
+         to the host, or as a suffix to the path -->
+    <allow-navigation href="*://*.example.com/*" />
+    
+    <!-- A wildcard can be used to whitelist the entire network,
+         over HTTP and HTTPS.
+         *NOT RECOMMENDED* -->
+    <allow-navigation href="*" />
+    
+    <!-- The above is equivalent to these three declarations -->
+    <allow-navigation href="http://*/*" />
+    <allow-navigation href="https://*/*" />
+    <allow-navigation href="data:*" />
+    
+
+## Intención de lista blanca
+
+Controla qué URLs de la aplicación se permite hacer el sistema para abrir. De forma predeterminada, se permiten ninguÌ n external URLs.
+
+En Android, esto equivale a enviar una intención de tipo BROWSEABLE.
+
+Esta lista blanca no se aplica a plugins, sólo los hipervínculos y las llamadas a `window.Open)`.
+
+En `config.xml`, agregar etiquetas `< allow-intent >` , como este:
+
+    <!-- Allow links to web pages to open in a browser -->
+    <allow-intent href="http://*/*" />
+    <allow-intent href="https://*/*" />
+    
+    <!-- Allow links to example.com to open in a browser -->
+    <allow-intent href="http://example.com/*" />
+    
+    <!-- Wildcards are allowed for the protocol, as a prefix
+         to the host, or as a suffix to the path -->
+    <allow-intent href="*://*.example.com/*" />
+    
+    <!-- Allow SMS links to open messaging app -->
+    <allow-intent href="sms:*" />
+    
+    <!-- Allow tel: links to open the dialer -->
+    <allow-intent href="tel:*" />
+    
+    <!-- Allow geo: links to open maps -->
+    <allow-intent href="geo:*" />
+    
+    <!-- Allow all unrecognized URLs to open installed apps
+         *NOT RECOMMENDED* -->
+    <allow-intent href="*" />
+    
+
+## Solicitud de red blanca
+
+Controles que las peticiones de la red (imágenes, XHRs, etc.) se les permite hacer (a través de ganchos nativa de Córdoba).
+
+Nota: Le sugerimos que utilice una política de seguridad de contenido (véase abajo), que es más seguro. Esta lista blanca es sobre todo histórico para webviews que no admiten la CSP.
+
+En `config.xml`, agregue etiquetas de `< access >` , como este:
+
+    <!-- Allow images, xhrs, etc. to google.com -->
+    <access origin="http://google.com" />
+    <access origin="https://google.com" />
+    
+    <!-- Access to the subdomain maps.google.com -->
+    <access origin="http://maps.google.com" />
+    
+    <!-- Access to all the subdomains on google.com -->
+    <access origin="http://*.google.com" />
+    
+    <!-- Enable requests to content: URLs -->
+    <access origin="content:///*" />
+    
+    <!-- Don't block any requests -->
+    <access origin="*" />
+    
+
+Sin las etiquetas `< access >` , se admiten sólo las solicitudes a direcciones URL `file://` . Sin embargo, la aplicación por defecto de Cordova incluye `< access origin = "*" >` por defecto.
+
+Quirk: Android también permite las solicitudes de https://ssl.gstatic.com/accessibility/javascript/android/ por defecto, puesto que es necesario para TalkBack funcionar correctamente.
+
+### Política de seguridad de contenido
+
+Controles que las peticiones de la red (imágenes, XHRs, etc.) se les permite hacer (vía webview directamente).
+
+En iOS y Android, la red solicitud lista blanca (véase arriba) no es capaz de filtrar todos los tipos de solicitudes (por ejemplo, `< video >` y WebSockets no estén bloqueadas). Así, además de la lista blanca, usted debe utilizar una etiqueta `< meta >` de [Contenido la política de seguridad](http://content-security-policy.com/) en todas las páginas.
+
+En Android, soporte para CSP en el sistema webview comienza con KitKat (pero está disponible en todas las versiones con WebView de paso de peatones).
+
+Aquí están algunas declaraciones de CSP de ejemplo para las páginas `.html` :
+
+    <!-- Good default declaration:
+        * gap: is required only on iOS (when using UIWebView) and is needed for JS->native communication
+        * https://ssl.gstatic.com is required only on Android and is needed for TalkBack to function properly
+        * Disables use of eval() and inline scripts in order to mitigate risk of XSS vulnerabilities. To change this:
+            * Enable inline JS: add 'unsafe-inline' to default-src
+            * Enable eval(): add 'unsafe-eval' to default-src
+    -->
+    <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com; style-src 'self' 'unsafe-inline'; media-src *">
+    
+    <!-- Allow requests to foo.com -->
+    <meta http-equiv="Content-Security-Policy" content="default-src 'self' foo.com">
+    
+    <!-- Enable all requests, inline styles, and eval() -->
+    <meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
+    
+    <!-- Allow XHRs via https only -->
+    <meta http-equiv="Content-Security-Policy" content="default-src 'self' https:">
+    
+    <!-- Allow iframe to https://cordova.apache.org/ -->
+    <meta http-equiv="Content-Security-Policy" content="default-src 'self'; frame-src 'self' https://cordova.apache.org">
+\ No newline at end of file
diff --git a/plugins/cordova-plugin-whitelist/doc/fr/README.md b/plugins/cordova-plugin-whitelist/doc/fr/README.md
new file mode 100644
index 00000000..2a8c4b73
--- /dev/null
+++ b/plugins/cordova-plugin-whitelist/doc/fr/README.md
@@ -0,0 +1,148 @@
+<!--
+# license: Licensed to the Apache Software Foundation (ASF) under one
+#         or more contributor license agreements.  See the NOTICE file
+#         distributed with this work for additional information
+#         regarding copyright ownership.  The ASF licenses this file
+#         to you under the Apache License, Version 2.0 (the
+#         "License"); you may not use this file except in compliance
+#         with the License.  You may obtain a copy of the License at
+#
+#           http://www.apache.org/licenses/LICENSE-2.0
+#
+#         Unless required by applicable law or agreed to in writing,
+#         software distributed under the License is distributed on an
+#         "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+#         KIND, either express or implied.  See the License for the
+#         specific language governing permissions and limitations
+#         under the License.
+-->
+
+# cordova-plugin-whitelist
+
+Ce plugin met en œuvre une politique de liste blanche pour naviguer le webview application sur Cordova 4.0
+
+## Plates-formes prises en charge Cordova
+
+  * 4.0.0 Android ou supérieur
+  * iOS 4.0.0 ou supérieur
+
+## Navigation liste blanche
+
+Contrôle quels URL le WebView lui-même peut être parcourus à. S'applique à des navigations niveau supérieur seulement.
+
+Particularités : sur Android il s'applique également aux iframes pour non-schémas http (s).
+
+Par défaut, navigations qu'aux URL `file://` , sont autorisés. Pour permettre aux autres d'autres URL, vous devez ajouter des balises `<allow-navigation>` à votre `fichier config.xml`:
+
+    <!-- Allow links to example.com -->
+    <allow-navigation href="http://example.com/*" />
+    
+    <!-- Wildcards are allowed for the protocol, as a prefix
+         to the host, or as a suffix to the path -->
+    <allow-navigation href="*://*.example.com/*" />
+    
+    <!-- A wildcard can be used to whitelist the entire network,
+         over HTTP and HTTPS.
+         *NOT RECOMMENDED* -->
+    <allow-navigation href="*" />
+    
+    <!-- The above is equivalent to these three declarations -->
+    <allow-navigation href="http://*/*" />
+    <allow-navigation href="https://*/*" />
+    <allow-navigation href="data:*" />
+    
+
+## Intent Whitelist
+
+Contrôle quels URL l'app n'est autorisé à poser le système d'ouverture. Par défaut, aucun external URL est autorisés.
+
+Sur Android, cela équivaut à envoyer une intention de type BROWSEABLE.
+
+Cette autorisation ne s'applique pas aux plugins, uniquement les liens hypertexte et les appels à `window.open()`.
+
+Dans le `fichier config.xml`, ajouter des balises `<allow-intent>` , comme ceci :
+
+    <!-- Allow links to web pages to open in a browser -->
+    <allow-intent href="http://*/*" />
+    <allow-intent href="https://*/*" />
+    
+    <!-- Allow links to example.com to open in a browser -->
+    <allow-intent href="http://example.com/*" />
+    
+    <!-- Wildcards are allowed for the protocol, as a prefix
+         to the host, or as a suffix to the path -->
+    <allow-intent href="*://*.example.com/*" />
+    
+    <!-- Allow SMS links to open messaging app -->
+    <allow-intent href="sms:*" />
+    
+    <!-- Allow tel: links to open the dialer -->
+    <allow-intent href="tel:*" />
+    
+    <!-- Allow geo: links to open maps -->
+    <allow-intent href="geo:*" />
+    
+    <!-- Allow all unrecognized URLs to open installed apps
+         *NOT RECOMMENDED* -->
+    <allow-intent href="*" />
+    
+
+## Réseau demande liste blanche
+
+Les contrôles dont les demandes de réseau (images, XHRs, etc.) sont autorisés à effectuer (via cordova natif crochets).
+
+Remarque : Nous vous suggérons de qu'utiliser un contenu politique de sécurité (voir ci-dessous), qui est plus sûr. Cette liste blanche est surtout historique pour webviews qui ne prennent pas en charge les CSP.
+
+Dans le `fichier config.xml`, ajouter des balises `<access>` , comme ceci :
+
+    <!-- Allow images, xhrs, etc. to google.com -->
+    <access origin="http://google.com" />
+    <access origin="https://google.com" />
+    
+    <!-- Access to the subdomain maps.google.com -->
+    <access origin="http://maps.google.com" />
+    
+    <!-- Access to all the subdomains on google.com -->
+    <access origin="http://*.google.com" />
+    
+    <!-- Enable requests to content: URLs -->
+    <access origin="content:///*" />
+    
+    <!-- Don't block any requests -->
+    <access origin="*" />
+    
+
+Sans les balises `<access>` , seules les demandes d'URL `file://` sont autorisés. Toutefois, l'application de Cordoue par défaut inclut `<access origin="*" >` par défaut.
+
+Bizarrerie : Android permet également aux requêtes à https://ssl.gstatic.com/accessibility/javascript/android/ par défaut, puisque c'est nécessaire pour TalkBack fonctionner correctement.
+
+### Politique de sécurité du contenu
+
+Les contrôles dont les demandes de réseau (images, XHRs, etc.) sont autorisés à effectuer (via webview directement).
+
+Sur Android et iOS, la réseau demande liste blanche (voir ci-dessus) n'est pas en mesure de filtrer tous les types de demandes (p. ex. `< video >` & WebSockets ne sont pas bloquées). Ainsi, en plus de la liste blanche, vous devez utiliser une balise `< meta >` de [Contenu politique de sécurité](http://content-security-policy.com/) sur toutes vos pages.
+
+Sur Android, support pour le CSP dans le système webview commence par KitKat (mais n'est disponible sur toutes les versions à l'aide du tableau de concordance WebView).
+
+Voici quelques exemples de déclarations de CSP pour vos pages `.html` :
+
+    <!-- Good default declaration:
+        * gap: is required only on iOS (when using UIWebView) and is needed for JS->native communication
+        * https://ssl.gstatic.com is required only on Android and is needed for TalkBack to function properly
+        * Disables use of eval() and inline scripts in order to mitigate risk of XSS vulnerabilities. To change this:
+            * Enable inline JS: add 'unsafe-inline' to default-src
+            * Enable eval(): add 'unsafe-eval' to default-src
+    -->
+    <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com; style-src 'self' 'unsafe-inline'; media-src *">
+    
+    <!-- Allow requests to foo.com -->
+    <meta http-equiv="Content-Security-Policy" content="default-src 'self' foo.com">
+    
+    <!-- Enable all requests, inline styles, and eval() -->
+    <meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
+    
+    <!-- Allow XHRs via https only -->
+    <meta http-equiv="Content-Security-Policy" content="default-src 'self' https:">
+    
+    <!-- Allow iframe to https://cordova.apache.org/ -->
+    <meta http-equiv="Content-Security-Policy" content="default-src 'self'; frame-src 'self' https://cordova.apache.org">
+\ No newline at end of file
diff --git a/plugins/cordova-plugin-whitelist/doc/it/README.md b/plugins/cordova-plugin-whitelist/doc/it/README.md
new file mode 100644
index 00000000..157dc036
--- /dev/null
+++ b/plugins/cordova-plugin-whitelist/doc/it/README.md
@@ -0,0 +1,148 @@
+<!--
+# license: Licensed to the Apache Software Foundation (ASF) under one
+#         or more contributor license agreements.  See the NOTICE file
+#         distributed with this work for additional information
+#         regarding copyright ownership.  The ASF licenses this file
+#         to you under the Apache License, Version 2.0 (the
+#         "License"); you may not use this file except in compliance
+#         with the License.  You may obtain a copy of the License at
+#
+#           http://www.apache.org/licenses/LICENSE-2.0
+#
+#         Unless required by applicable law or agreed to in writing,
+#         software distributed under the License is distributed on an
+#         "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+#         KIND, either express or implied.  See the License for the
+#         specific language governing permissions and limitations
+#         under the License.
+-->
+
+# cordova-plugin-whitelist
+
+Questo plugin attua una politica di whitelist per spostarsi all'interno dell'applicazione webview in Cordova 4.0
+
+## Piattaforme supportate Cordova
+
+  * Android 4.0.0 o superiore
+  * iOS 4.0.0 o superiore
+
+## Navigazione Whitelist
+
+Controlla quali URL WebView stessa può essere esplorato. Si applica al solo primo livello navigazioni.
+
+Stranezze: su Android vale anche per gli iframe per non-schemi di http (s).
+
+Per impostazione predefinita, navigazioni solo agli URL `file://` , sono ammessi. Per consentire altri altri URL, è necessario aggiungere `<allow-navigation>` tag per il tuo `config. XML`:
+
+    <!-- Allow links to example.com -->
+    <allow-navigation href="http://example.com/*" />
+    
+    <!-- Wildcards are allowed for the protocol, as a prefix
+         to the host, or as a suffix to the path -->
+    <allow-navigation href="*://*.example.com/*" />
+    
+    <!-- A wildcard can be used to whitelist the entire network,
+         over HTTP and HTTPS.
+         *NOT RECOMMENDED* -->
+    <allow-navigation href="*" />
+    
+    <!-- The above is equivalent to these three declarations -->
+    <allow-navigation href="http://*/*" />
+    <allow-navigation href="https://*/*" />
+    <allow-navigation href="data:*" />
+    
+
+## Whitelist intento
+
+Controlla quali URL app è consentito richiedere il sistema di apertura. Per impostazione predefinita, nessun esterno URL sono ammessi.
+
+Su Android, ciò equivale all'invio di un intento di tipo BROWSEABLE.
+
+Questa whitelist non si applica ai plugin, solo i collegamenti ipertestuali e chiamate a `Window`.
+
+In `config. XML`, aggiungere tag `<allow-intent>` , simile al seguente:
+
+    <!-- Allow links to web pages to open in a browser -->
+    <allow-intent href="http://*/*" />
+    <allow-intent href="https://*/*" />
+    
+    <!-- Allow links to example.com to open in a browser -->
+    <allow-intent href="http://example.com/*" />
+    
+    <!-- Wildcards are allowed for the protocol, as a prefix
+         to the host, or as a suffix to the path -->
+    <allow-intent href="*://*.example.com/*" />
+    
+    <!-- Allow SMS links to open messaging app -->
+    <allow-intent href="sms:*" />
+    
+    <!-- Allow tel: links to open the dialer -->
+    <allow-intent href="tel:*" />
+    
+    <!-- Allow geo: links to open maps -->
+    <allow-intent href="geo:*" />
+    
+    <!-- Allow all unrecognized URLs to open installed apps
+         *NOT RECOMMENDED* -->
+    <allow-intent href="*" />
+    
+
+## Rete richiesta Whitelist
+
+Controlli che le richieste di rete (immagini, XHRs, ecc.) sono consentiti (tramite ganci nativo di cordova).
+
+Nota: Si consiglia di che utilizzare un criterio di protezione contenuti (Vedi sotto), che è più sicuro. La whitelist è principalmente storico per visualizzazioni Web che non supportano la CSP.
+
+In `config. XML`, aggiungere tag `< access >` , simile al seguente:
+
+    <!-- Allow images, xhrs, etc. to google.com -->
+    <access origin="http://google.com" />
+    <access origin="https://google.com" />
+    
+    <!-- Access to the subdomain maps.google.com -->
+    <access origin="http://maps.google.com" />
+    
+    <!-- Access to all the subdomains on google.com -->
+    <access origin="http://*.google.com" />
+    
+    <!-- Enable requests to content: URLs -->
+    <access origin="content:///*" />
+    
+    <!-- Don't block any requests -->
+    <access origin="*" />
+    
+
+Senza qualsiasi tag `< access >` , sono consentite solo le richieste di URL `file://` . Tuttavia, l'applicazione di Cordova predefinito include `< access origin = "*" >` per impostazione predefinita.
+
+Stranezza: Android consente anche alle richieste di https://ssl.gstatic.com/accessibility/javascript/android/ per impostazione predefinita, poiché questa operazione è necessaria per TalkBack funzionare correttamente.
+
+### Politica di sicurezza del contenuto
+
+Controlli che le richieste di rete (immagini, XHRs, ecc.) possono essere effettuate (via webview direttamente).
+
+Su Android e iOS, la rete richiesta whitelist (Vedi sopra) non è in grado di filtrare tutti i tipi di richieste (ad esempio non sono bloccate `< video >` & WebSockets). Così, oltre alla whitelist, è necessario utilizzare un tag `< meta >` [Content Security Policy](http://content-security-policy.com/) su tutte le pagine.
+
+Su Android, supporto per CSP all'interno webview sistema inizia con KitKat (ma è disponibile su tutte le versioni usando Crosswalk WebView).
+
+Ecco alcuni esempi di dichiarazioni di CSP per le pagine `HTML` :
+
+    <!-- Good default declaration:
+        * gap: is required only on iOS (when using UIWebView) and is needed for JS->native communication
+        * https://ssl.gstatic.com is required only on Android and is needed for TalkBack to function properly
+        * Disables use of eval() and inline scripts in order to mitigate risk of XSS vulnerabilities. To change this:
+            * Enable inline JS: add 'unsafe-inline' to default-src
+            * Enable eval(): add 'unsafe-eval' to default-src
+    -->
+    <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com; style-src 'self' 'unsafe-inline'; media-src *">
+    
+    <!-- Allow requests to foo.com -->
+    <meta http-equiv="Content-Security-Policy" content="default-src 'self' foo.com">
+    
+    <!-- Enable all requests, inline styles, and eval() -->
+    <meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
+    
+    <!-- Allow XHRs via https only -->
+    <meta http-equiv="Content-Security-Policy" content="default-src 'self' https:">
+    
+    <!-- Allow iframe to https://cordova.apache.org/ -->
+    <meta http-equiv="Content-Security-Policy" content="default-src 'self'; frame-src 'self' https://cordova.apache.org">
+\ No newline at end of file
diff --git a/plugins/cordova-plugin-whitelist/doc/ja/README.md b/plugins/cordova-plugin-whitelist/doc/ja/README.md
new file mode 100644
index 00000000..6db17f1e
--- /dev/null
+++ b/plugins/cordova-plugin-whitelist/doc/ja/README.md
@@ -0,0 +1,148 @@
+<!--
+# license: Licensed to the Apache Software Foundation (ASF) under one
+#         or more contributor license agreements.  See the NOTICE file
+#         distributed with this work for additional information
+#         regarding copyright ownership.  The ASF licenses this file
+#         to you under the Apache License, Version 2.0 (the
+#         "License"); you may not use this file except in compliance
+#         with the License.  You may obtain a copy of the License at
+#
+#           http://www.apache.org/licenses/LICENSE-2.0
+#
+#         Unless required by applicable law or agreed to in writing,
+#         software distributed under the License is distributed on an
+#         "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+#         KIND, either express or implied.  See the License for the
+#         specific language governing permissions and limitations
+#         under the License.
+-->
+
+# cordova-plugin-whitelist
+
+このプラグイン実装コルドバ 4.0 アプリケーション webview をナビゲートするためのホワイト リスト ポリシー
+
+## サポートされているコルドバのプラットフォーム
+
+  * アンドロイド 4.0.0 以上
+  * iOS 4.0.0 以上
+
+## ナビゲーションのホワイト リスト
+
+WebView 自体に移動に Url を制御します。最上位ナビゲーションのみに適用されます。
+
+癖: Android にもに適用されますの iframe 非-[http スキーム。
+
+既定では、ナビゲーション、 `file://`の Url にのみ許可されます。その他の他の Url を許可するように、 `config.xml`に`<allow-navigation>`タグを追加する必要があります。
+
+    <!-- Allow links to example.com -->
+    <allow-navigation href="http://example.com/*" />
+    
+    <!-- Wildcards are allowed for the protocol, as a prefix
+         to the host, or as a suffix to the path -->
+    <allow-navigation href="*://*.example.com/*" />
+    
+    <!-- A wildcard can be used to whitelist the entire network,
+         over HTTP and HTTPS.
+         *NOT RECOMMENDED* -->
+    <allow-navigation href="*" />
+    
+    <!-- The above is equivalent to these three declarations -->
+    <allow-navigation href="http://*/*" />
+    <allow-navigation href="https://*/*" />
+    <allow-navigation href="data:*" />
+    
+
+## インテントのホワイト リスト
+
+どの Url を開くようにシステムを聞いて、アプリに許可を制御します。 既定では、外部 Url 許可されません。
+
+人造人間、これは型 BROWSEABLE の意図を送信することに相当します。
+
+このホワイト リストはプラグインのみハイパーリンクおよび`window.open()`への呼び出しには適用されません。.
+
+`Config.xml`内の`<allow-intent>`タグは、このようなを追加します。
+
+    <!-- Allow links to web pages to open in a browser -->
+    <allow-intent href="http://*/*" />
+    <allow-intent href="https://*/*" />
+    
+    <!-- Allow links to example.com to open in a browser -->
+    <allow-intent href="http://example.com/*" />
+    
+    <!-- Wildcards are allowed for the protocol, as a prefix
+         to the host, or as a suffix to the path -->
+    <allow-intent href="*://*.example.com/*" />
+    
+    <!-- Allow SMS links to open messaging app -->
+    <allow-intent href="sms:*" />
+    
+    <!-- Allow tel: links to open the dialer -->
+    <allow-intent href="tel:*" />
+    
+    <!-- Allow geo: links to open maps -->
+    <allow-intent href="geo:*" />
+    
+    <!-- Allow all unrecognized URLs to open installed apps
+         *NOT RECOMMENDED* -->
+    <allow-intent href="*" />
+    
+
+## ネットワーク要求のホワイト リスト
+
+ネットワーク要求コントロール (画像、XHRs 等) (コルドバ ネイティブ フック) を介して行われることが。
+
+注: より安全なコンテンツ セキュリティ ポリシー (下記参照) を使用してお勧めします。 このホワイト リストほとんどの CSP をサポートしていない web 表示のために歴史的です。
+
+`Config.xml`内のこのような`<access>`タグを追加します。
+
+    <!-- Allow images, xhrs, etc. to google.com -->
+    <access origin="http://google.com" />
+    <access origin="https://google.com" />
+    
+    <!-- Access to the subdomain maps.google.com -->
+    <access origin="http://maps.google.com" />
+    
+    <!-- Access to all the subdomains on google.com -->
+    <access origin="http://*.google.com" />
+    
+    <!-- Enable requests to content: URLs -->
+    <access origin="content:///*" />
+    
+    <!-- Don't block any requests -->
+    <access origin="*" />
+    
+
+`<access>`タグ、なし`file://` Url に要求のみを許可します。 ただし、既定のコルドバ アプリケーションが含まれています`<access origin="*">`デフォルトで。
+
+気まぐれ: アンドロイドも要求できます https://ssl.gstatic.com/accessibility/javascript/android/デフォルトでは、トークが正常に機能するために必要ですので。
+
+### コンテンツのセキュリティ ポリシー
+
+ネットワーク要求コントロール (画像、XHRs 等) (直接 webview) を介して行われることが。
+
+Android と iOS は、ネットワーク要求ホワイト リスト (上記参照) はすべての種類の要求 (例: `< ビデオ >` & Websocket がふさがれていない) をフィルター処理できません。 だから、ホワイト リストに加えてすべてのページに[コンテンツ セキュリティ ポリシー](http://content-security-policy.com/) `< meta >`タグを使用する必要があります。
+
+Android 上システム webview 内 CSP サポート キットカットから始まります (しかし横断歩道 WebView を使用してすべてのバージョンで利用可能です)。
+
+`.Html`ページのいくつかの例 CSP の宣言は次のとおりです。
+
+    <!-- Good default declaration:
+        * gap: is required only on iOS (when using UIWebView) and is needed for JS->native communication
+        * https://ssl.gstatic.com is required only on Android and is needed for TalkBack to function properly
+        * Disables use of eval() and inline scripts in order to mitigate risk of XSS vulnerabilities. To change this:
+            * Enable inline JS: add 'unsafe-inline' to default-src
+            * Enable eval(): add 'unsafe-eval' to default-src
+    -->
+    <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com; style-src 'self' 'unsafe-inline'; media-src *">
+    
+    <!-- Allow requests to foo.com -->
+    <meta http-equiv="Content-Security-Policy" content="default-src 'self' foo.com">
+    
+    <!-- Enable all requests, inline styles, and eval() -->
+    <meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
+    
+    <!-- Allow XHRs via https only -->
+    <meta http-equiv="Content-Security-Policy" content="default-src 'self' https:">
+    
+    <!-- Allow iframe to https://cordova.apache.org/ -->
+    <meta http-equiv="Content-Security-Policy" content="default-src 'self'; frame-src 'self' https://cordova.apache.org">
+\ No newline at end of file
diff --git a/plugins/cordova-plugin-whitelist/doc/ko/README.md b/plugins/cordova-plugin-whitelist/doc/ko/README.md
new file mode 100644
index 00000000..4cbae914
--- /dev/null
+++ b/plugins/cordova-plugin-whitelist/doc/ko/README.md
@@ -0,0 +1,148 @@
+<!--
+# license: Licensed to the Apache Software Foundation (ASF) under one
+#         or more contributor license agreements.  See the NOTICE file
+#         distributed with this work for additional information
+#         regarding copyright ownership.  The ASF licenses this file
+#         to you under the Apache License, Version 2.0 (the
+#         "License"); you may not use this file except in compliance
+#         with the License.  You may obtain a copy of the License at
+#
+#           http://www.apache.org/licenses/LICENSE-2.0
+#
+#         Unless required by applicable law or agreed to in writing,
+#         software distributed under the License is distributed on an
+#         "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+#         KIND, either express or implied.  See the License for the
+#         specific language governing permissions and limitations
+#         under the License.
+-->
+
+# cordova-plugin-whitelist
+
+이 플러그인 구현 코르도바 4.0 응용 프로그램 webview를 탐색에 대 한 허용 정책
+
+## 지원된 코르도바 플랫폼
+
+  * 안 드 로이드 4.0.0 이상
+  * iOS 4.0.0 이상
+
+## 탐색 허용
+
+WebView 자체가 탐색할 수 있는 Url을 제어 합니다. 최상위 탐색에만 적용 됩니다.
+
+단점: 안 드 로이드에도 적용 됩니다 iframe에 대 한 비-프로토콜인 계획.
+
+기본적으로 탐색 `file://` Url에만 사용할 수 있습니다. 다른 다른 Url을 허용 하려면 `config.xml`에 `< allow-navigation >` 태그를 추가 해야 합니다.
+
+    <!-- Allow links to example.com -->
+    <allow-navigation href="http://example.com/*" />
+    
+    <!-- Wildcards are allowed for the protocol, as a prefix
+         to the host, or as a suffix to the path -->
+    <allow-navigation href="*://*.example.com/*" />
+    
+    <!-- A wildcard can be used to whitelist the entire network,
+         over HTTP and HTTPS.
+         *NOT RECOMMENDED* -->
+    <allow-navigation href="*" />
+    
+    <!-- The above is equivalent to these three declarations -->
+    <allow-navigation href="http://*/*" />
+    <allow-navigation href="https://*/*" />
+    <allow-navigation href="data:*" />
+    
+
+## 의도 허용
+
+App 시스템 열을 게 허용 되는 Url을 제어 합니다. 기본적으로 외부 Url은 사용할 수 있습니다.
+
+안 드 로이드에이 형식의 BROWSEABLE 의도 보내는 것 같습니다.
+
+이 허용 된 플러그인, 하이퍼링크 및 `window.open ()` 호출에 적용 되지 않습니다..
+
+`Config.xml`에이 같은 `< allow-intent >` 태그를 추가 합니다.
+
+    <!-- Allow links to web pages to open in a browser -->
+    <allow-intent href="http://*/*" />
+    <allow-intent href="https://*/*" />
+    
+    <!-- Allow links to example.com to open in a browser -->
+    <allow-intent href="http://example.com/*" />
+    
+    <!-- Wildcards are allowed for the protocol, as a prefix
+         to the host, or as a suffix to the path -->
+    <allow-intent href="*://*.example.com/*" />
+    
+    <!-- Allow SMS links to open messaging app -->
+    <allow-intent href="sms:*" />
+    
+    <!-- Allow tel: links to open the dialer -->
+    <allow-intent href="tel:*" />
+    
+    <!-- Allow geo: links to open maps -->
+    <allow-intent href="geo:*" />
+    
+    <!-- Allow all unrecognized URLs to open installed apps
+         *NOT RECOMMENDED* -->
+    <allow-intent href="*" />
+    
+
+## 네트워크 요청 허용
+
+요청을 네트워크 컨트롤 (이미지, XHRs, 등) (코르도바 네이티브 후크)를 통해 할 수 있습니다.
+
+참고: 당신이 사용 콘텐츠 보안 정책 (아래 참조), 더 안전한 것이 좋습니다. 이 허용은 CSP를 지원 하지 않는 webviews에 대 한 역사적.
+
+`Config.xml`에이 같은 `< access >` 태그를 추가 합니다.
+
+    <!-- Allow images, xhrs, etc. to google.com -->
+    <access origin="http://google.com" />
+    <access origin="https://google.com" />
+    
+    <!-- Access to the subdomain maps.google.com -->
+    <access origin="http://maps.google.com" />
+    
+    <!-- Access to all the subdomains on google.com -->
+    <access origin="http://*.google.com" />
+    
+    <!-- Enable requests to content: URLs -->
+    <access origin="content:///*" />
+    
+    <!-- Don't block any requests -->
+    <access origin="*" />
+    
+
+어떤 `< access >` 태그 없이 요청 `file://` Url 사용할 수 있습니다. 그러나 기본 코르도바 응용 프로그램을 포함 하는, `< access origin="*" >` 기본적으로.
+
+특질: 안 드 로이드 또한 수 있습니다 요청을 https://ssl.gstatic.com/accessibility/javascript/android/ 기본적으로 필요 제대로 작동 하려면 의견 이므로.
+
+### 콘텐츠 보안 정책
+
+요청을 네트워크 컨트롤 (이미지, XHRs, 등) (webview 직접)를 통해 할 수 있습니다.
+
+안 드 로이드와 iOS에 네트워크 요청 허용 (위 참조)는 모든 종류의 요청 (예: `< 비디오 >` & WebSockets 차단 되지 않습니다)를 필터링 할 수 없습니다. 그래서, 허용, 뿐만 아니라 귀하의 모든 페이지에 [콘텐츠 보안 정책](http://content-security-policy.com/) `< meta >` 태그를 사용 해야 합니다.
+
+안 드 로이드, 시스템 webview 내에서 CSP에 대 한 지원을 KitKat 시작 (하지만 횡단 보도 WebView를 사용 하 여 모든 버전에서 사용할 수).
+
+다음은 `.html` 페이지에 대 한 몇 가지 예제 CSP 선언입니다.
+
+    <!-- Good default declaration:
+        * gap: is required only on iOS (when using UIWebView) and is needed for JS->native communication
+        * https://ssl.gstatic.com is required only on Android and is needed for TalkBack to function properly
+        * Disables use of eval() and inline scripts in order to mitigate risk of XSS vulnerabilities. To change this:
+            * Enable inline JS: add 'unsafe-inline' to default-src
+            * Enable eval(): add 'unsafe-eval' to default-src
+    -->
+    <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com; style-src 'self' 'unsafe-inline'; media-src *">
+    
+    <!-- Allow requests to foo.com -->
+    <meta http-equiv="Content-Security-Policy" content="default-src 'self' foo.com">
+    
+    <!-- Enable all requests, inline styles, and eval() -->
+    <meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
+    
+    <!-- Allow XHRs via https only -->
+    <meta http-equiv="Content-Security-Policy" content="default-src 'self' https:">
+    
+    <!-- Allow iframe to https://cordova.apache.org/ -->
+    <meta http-equiv="Content-Security-Policy" content="default-src 'self'; frame-src 'self' https://cordova.apache.org">
+\ No newline at end of file
diff --git a/plugins/cordova-plugin-whitelist/doc/pl/README.md b/plugins/cordova-plugin-whitelist/doc/pl/README.md
new file mode 100644
index 00000000..ecdc3d5c
--- /dev/null
+++ b/plugins/cordova-plugin-whitelist/doc/pl/README.md
@@ -0,0 +1,148 @@
+<!--
+# license: Licensed to the Apache Software Foundation (ASF) under one
+#         or more contributor license agreements.  See the NOTICE file
+#         distributed with this work for additional information
+#         regarding copyright ownership.  The ASF licenses this file
+#         to you under the Apache License, Version 2.0 (the
+#         "License"); you may not use this file except in compliance
+#         with the License.  You may obtain a copy of the License at
+#
+#           http://www.apache.org/licenses/LICENSE-2.0
+#
+#         Unless required by applicable law or agreed to in writing,
+#         software distributed under the License is distributed on an
+#         "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+#         KIND, either express or implied.  See the License for the
+#         specific language governing permissions and limitations
+#         under the License.
+-->
+
+# cordova-plugin-whitelist
+
+Ten plugin wdraża polityki białej nawigacja widoku sieci Web aplikacji na Cordova 4.0
+
+## Cordova obsługiwanych platform
+
+  * Android 4.0.0 lub powyżej
+  * iOS 4.0.0 lub powyżej
+
+## Biała lista nawigacji
+
+Kontroluje, których adresy URL widoku sieci Web, samej można nawigować do. Dotyczy tylko najwyższego poziomu nawigacje.
+
+Dziwactwa: na Android to dotyczy także IFRAME do nie-http (s) systemów.
+
+Domyślnie, nawigacje tylko do URLi `file://` , są dozwolone. Aby zezwolić na inne adresy URL, należy dodać Tagi `< allow-navigation >` do pliku `config.xml`:
+
+    <!-- Allow links to example.com -->
+    <allow-navigation href="http://example.com/*" />
+    
+    <!-- Wildcards are allowed for the protocol, as a prefix
+         to the host, or as a suffix to the path -->
+    <allow-navigation href="*://*.example.com/*" />
+    
+    <!-- A wildcard can be used to whitelist the entire network,
+         over HTTP and HTTPS.
+         *NOT RECOMMENDED* -->
+    <allow-navigation href="*" />
+    
+    <!-- The above is equivalent to these three declarations -->
+    <allow-navigation href="http://*/*" />
+    <allow-navigation href="https://*/*" />
+    <allow-navigation href="data:*" />
+    
+
+## Zamiarem biała
+
+Kontroluje, których adresy URL aplikacji jest możliwość zapytać systemem otwierania. Domyślnie nie ma zewnętrznych adresów URL są dozwolone.
+
+Na Android to przyrównuje do wysyłania zamiarem typu BROWSEABLE.
+
+Ta biała nie ma zastosowania do pluginów, tylko hiperłącza i wywołania `window.open()`.
+
+W `pliku config.xml`dodawanie tagów `< allow-intent >` , jak to:
+
+    <!-- Allow links to web pages to open in a browser -->
+    <allow-intent href="http://*/*" />
+    <allow-intent href="https://*/*" />
+    
+    <!-- Allow links to example.com to open in a browser -->
+    <allow-intent href="http://example.com/*" />
+    
+    <!-- Wildcards are allowed for the protocol, as a prefix
+         to the host, or as a suffix to the path -->
+    <allow-intent href="*://*.example.com/*" />
+    
+    <!-- Allow SMS links to open messaging app -->
+    <allow-intent href="sms:*" />
+    
+    <!-- Allow tel: links to open the dialer -->
+    <allow-intent href="tel:*" />
+    
+    <!-- Allow geo: links to open maps -->
+    <allow-intent href="geo:*" />
+    
+    <!-- Allow all unrecognized URLs to open installed apps
+         *NOT RECOMMENDED* -->
+    <allow-intent href="*" />
+    
+
+## Sieci wniosek biała
+
+Formanty, które sieci żądań (obrazy, XHRs, itp.) mogą być wykonane (za pośrednictwem cordova rodzimych haki).
+
+Uwaga: Zalecamy, że używasz treści polityki bezpieczeństwa (patrz poniżej), który jest bardziej bezpieczne. Ta Biała jest głównie historyczne dla webviews, które nie obsługują CSP.
+
+W `pliku config.xml`dodawanie tagów `< access >` , jak to:
+
+    <!-- Allow images, xhrs, etc. to google.com -->
+    <access origin="http://google.com" />
+    <access origin="https://google.com" />
+    
+    <!-- Access to the subdomain maps.google.com -->
+    <access origin="http://maps.google.com" />
+    
+    <!-- Access to all the subdomains on google.com -->
+    <access origin="http://*.google.com" />
+    
+    <!-- Enable requests to content: URLs -->
+    <access origin="content:///*" />
+    
+    <!-- Don't block any requests -->
+    <access origin="*" />
+    
+
+Bez żadnych tagów `< access >` dozwolone są tylko żądania do URLi `file://` . Jednak domyślnie Cordova aplikacja zawiera `< access origin = "*" >` domyślnie.
+
+Cokół: Android pozwala również żądania do https://ssl.gstatic.com/accessibility/javascript/android/ domyślnie, ponieważ jest to wymagane dla TalkBack wobec funkcja poprawnie.
+
+### Zasady zabezpieczeń zawartości
+
+Formanty, które sieci żądań (obrazy, XHRs, itp.) mogą być wykonane (za pomocą widoku sieci Web bezpośrednio).
+
+Na Androida i iOS biała żądanie sieci (patrz wyżej) nie jest w stanie filtrować wszystkie rodzaje wniosków (np. `< video >` & WebSockets nie są zablokowane). Tak oprócz białej listy, należy użyć tagu `< meta >` [Treści polityki bezpieczeństwa](http://content-security-policy.com/) na wszystkich stronach.
+
+Na Android wsparcie dla CSP w ramach systemu widoku sieci Web zaczyna KitKat (ale jest dostępne we wszystkich wersjach przy użyciu widoku sieci Web przejście dla pieszych).
+
+Oto niektóre przykład CSP deklaracje dla strony `HTML` :
+
+    <!-- Good default declaration:
+        * gap: is required only on iOS (when using UIWebView) and is needed for JS->native communication
+        * https://ssl.gstatic.com is required only on Android and is needed for TalkBack to function properly
+        * Disables use of eval() and inline scripts in order to mitigate risk of XSS vulnerabilities. To change this:
+            * Enable inline JS: add 'unsafe-inline' to default-src
+            * Enable eval(): add 'unsafe-eval' to default-src
+    -->
+    <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com; style-src 'self' 'unsafe-inline'; media-src *">
+    
+    <!-- Allow requests to foo.com -->
+    <meta http-equiv="Content-Security-Policy" content="default-src 'self' foo.com">
+    
+    <!-- Enable all requests, inline styles, and eval() -->
+    <meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
+    
+    <!-- Allow XHRs via https only -->
+    <meta http-equiv="Content-Security-Policy" content="default-src 'self' https:">
+    
+    <!-- Allow iframe to https://cordova.apache.org/ -->
+    <meta http-equiv="Content-Security-Policy" content="default-src 'self'; frame-src 'self' https://cordova.apache.org">
+\ No newline at end of file
diff --git a/plugins/cordova-plugin-whitelist/doc/zh/README.md b/plugins/cordova-plugin-whitelist/doc/zh/README.md
new file mode 100644
index 00000000..c2c7e112
--- /dev/null
+++ b/plugins/cordova-plugin-whitelist/doc/zh/README.md
@@ -0,0 +1,148 @@
+<!--
+# license: Licensed to the Apache Software Foundation (ASF) under one
+#         or more contributor license agreements.  See the NOTICE file
+#         distributed with this work for additional information
+#         regarding copyright ownership.  The ASF licenses this file
+#         to you under the Apache License, Version 2.0 (the
+#         "License"); you may not use this file except in compliance
+#         with the License.  You may obtain a copy of the License at
+#
+#           http://www.apache.org/licenses/LICENSE-2.0
+#
+#         Unless required by applicable law or agreed to in writing,
+#         software distributed under the License is distributed on an
+#         "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+#         KIND, either express or implied.  See the License for the
+#         specific language governing permissions and limitations
+#         under the License.
+-->
+
+# cordova-plugin-whitelist
+
+這個外掛程式實現一個用於導航在科爾多瓦 4.0 應用程式 web 視圖的白名單策略
+
+## 支援的科爾多瓦平臺
+
+  * Android 4.0.0 或以上
+  * iOS 4.0.0 或以上
+
+## 導航白名單
+
+控制 web 視圖本身可以導航到的 Url。適用于頂級導航只。
+
+怪癖: 在 Android 上它也適用于 iframe 的非-結計畫。
+
+預設情況下，只有到`file://` Url 導航允許。若要允許其他其他 Url，必須將`<allow-navigation>`標籤添加到您的`config.xml`:
+
+    <!-- Allow links to example.com -->
+    <allow-navigation href="http://example.com/*" />
+    
+    <!-- Wildcards are allowed for the protocol, as a prefix
+         to the host, or as a suffix to the path -->
+    <allow-navigation href="*://*.example.com/*" />
+    
+    <!-- A wildcard can be used to whitelist the entire network,
+         over HTTP and HTTPS.
+         *NOT RECOMMENDED* -->
+    <allow-navigation href="*" />
+    
+    <!-- The above is equivalent to these three declarations -->
+    <allow-navigation href="http://*/*" />
+    <allow-navigation href="https://*/*" />
+    <allow-navigation href="data:*" />
+    
+
+## 科爾多瓦-外掛程式-白名單
+
+控制應用程式允許讓系統打開的 Url。 預設情況下，沒有外部 Url 允許。
+
+在 android 系統，這相當於發送類型 BROWSEABLE 的意圖。
+
+此白名單並不適用于只超連結和對`window.open ()`調用的外掛程式.
+
+在`config.xml`中添加`<allow-intent>`標籤，像這樣:
+
+    <!-- Allow links to web pages to open in a browser -->
+    <allow-intent href="http://*/*" />
+    <allow-intent href="https://*/*" />
+    
+    <!-- Allow links to example.com to open in a browser -->
+    <allow-intent href="http://example.com/*" />
+    
+    <!-- Wildcards are allowed for the protocol, as a prefix
+         to the host, or as a suffix to the path -->
+    <allow-intent href="*://*.example.com/*" />
+    
+    <!-- Allow SMS links to open messaging app -->
+    <allow-intent href="sms:*" />
+    
+    <!-- Allow tel: links to open the dialer -->
+    <allow-intent href="tel:*" />
+    
+    <!-- Allow geo: links to open maps -->
+    <allow-intent href="geo:*" />
+    
+    <!-- Allow all unrecognized URLs to open installed apps
+         *NOT RECOMMENDED* -->
+    <allow-intent href="*" />
+    
+
+## 網路請求白名單
+
+網路請求的控制項 (圖像，XHRs 等) 允許 (通過科爾多瓦本機掛鉤)。
+
+注意: 我們建議你使用內容的安全性原則 (見下文)，這是更安全。 此白名單大多是為 webviews 不支援 CSP 的歷史。
+
+在`config.xml`中添加`<access>`標記，像這樣:
+
+    <!-- Allow images, xhrs, etc. to google.com -->
+    <access origin="http://google.com" />
+    <access origin="https://google.com" />
+    
+    <!-- Access to the subdomain maps.google.com -->
+    <access origin="http://maps.google.com" />
+    
+    <!-- Access to all the subdomains on google.com -->
+    <access origin="http://*.google.com" />
+    
+    <!-- Enable requests to content: URLs -->
+    <access origin="content:///*" />
+    
+    <!-- Don't block any requests -->
+    <access origin="*" />
+    
+
+沒有任何`<access>`標籤，只到`file://` Url 允許請求。 但是，預設的科爾多瓦應用程式包括`<access origin="*">` ，預設情況。
+
+怪癖: Android 還允許對 HTTPs://ssl.gstatic.com/accessibility/javascript/android/ 請求預設情況下，因為這是對講正常所需。
+
+### 內容安全政策
+
+網路請求的控制項 (圖像，XHRs 等) 允許 (通過 web 視圖直接)。
+
+對 Android 和 iOS，網路請求白名單 (見上文) 是不能夠過濾所有類型的請求 (例如`<video>` & Websocket 未被阻止)。 那麼，除了白名單中，你應使用[內容安全性原則](http://content-security-policy.com/) `< 元 >`標記您的所有頁面。
+
+在 android 系統，對 CSP 系統 web 視圖的支援開始奇巧 (但是是上使用 web 視圖人行橫道上的所有版本可用)。
+
+下面是一些示例 CSP 聲明為`.html`頁面:
+
+    <!-- Good default declaration:
+        * gap: is required only on iOS (when using UIWebView) and is needed for JS->native communication
+        * https://ssl.gstatic.com is required only on Android and is needed for TalkBack to function properly
+        * Disables use of eval() and inline scripts in order to mitigate risk of XSS vulnerabilities. To change this:
+            * Enable inline JS: add 'unsafe-inline' to default-src
+            * Enable eval(): add 'unsafe-eval' to default-src
+    -->
+    <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com; style-src 'self' 'unsafe-inline'; media-src *">
+    
+    <!-- Allow requests to foo.com -->
+    <meta http-equiv="Content-Security-Policy" content="default-src 'self' foo.com">
+    
+    <!-- Enable all requests, inline styles, and eval() -->
+    <meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
+    
+    <!-- Allow XHRs via https only -->
+    <meta http-equiv="Content-Security-Policy" content="default-src 'self' https:">
+    
+    <!-- Allow iframe to https://cordova.apache.org/ -->
+    <meta http-equiv="Content-Security-Policy" content="default-src 'self'; frame-src 'self' https://cordova.apache.org">
+\ No newline at end of file
diff --git a/plugins/cordova-plugin-whitelist/package.json b/plugins/cordova-plugin-whitelist/package.json
index 2c72e256..3eb64e94 100644
--- a/plugins/cordova-plugin-whitelist/package.json
+++ b/plugins/cordova-plugin-whitelist/package.json
@@ -1,6 +1,6 @@
 {
   "name": "cordova-plugin-whitelist",
-  "version": "1.0.0",
+  "version": "1.1.0",
   "description": "Cordova Whitelist Plugin",
   "cordova": {
     "platforms": [
@@ -10,7 +10,7 @@
   },
   "repository": {
     "type": "git",
-    "url": "https://git-wip-us.apache.org/repos/asf/cordova-plugin-whitelist.git"
+    "url": "https://github.com/apache/cordova-plugin-whitelist"
   },
   "keywords": [
     "cordova",
diff --git a/plugins/cordova-plugin-whitelist/plugin.xml b/plugins/cordova-plugin-whitelist/plugin.xml
index 2ec60b3c..ea802bf8 100644
--- a/plugins/cordova-plugin-whitelist/plugin.xml
+++ b/plugins/cordova-plugin-whitelist/plugin.xml
@@ -20,7 +20,7 @@
 
 <plugin xmlns="http://apache.org/cordova/ns/plugins/1.0"
            id="cordova-plugin-whitelist"
-      version="1.0.0">
+      version="1.1.0">
     <name>Whitelist</name>
     <description>Cordova Network Whitelist Plugin</description>
     <license>Apache 2.0</license>
@@ -28,6 +28,7 @@
 
     <engines>
       <engine name="cordova-android" version=">=4.0.0-dev" />
+      <engine name="cordova-ios" version=">=4.0.0-dev" />
     </engines>
 
     <platform name="android">
@@ -44,4 +45,20 @@
             <runs />
         </js-module>
     </platform>
+
+    <platform name="ios">
+        <config-file target="config.xml" parent="/*">
+            <feature name="Whitelist">
+                <param name="ios-package" value="CDVNavigationWhitelistPlugin" /> 
+                <param name="onload" value="true" />
+            </feature>
+        </config-file>
+        <header-file src="src/ios/CDVNavigationWhitelistPlugin.h"  />
+        <source-file src="src/ios/CDVNavigationWhitelistPlugin.m" />
+
+        <js-module src="whitelist.js" name="whitelist">
+            <runs />
+        </js-module>
+    </platform>
+
 </plugin>
diff --git a/plugins/cordova-plugin-whitelist/src/ios/CDVNavigationWhitelistPlugin.h b/plugins/cordova-plugin-whitelist/src/ios/CDVNavigationWhitelistPlugin.h
index d0b93654..c1c13010 100644
--- a/plugins/cordova-plugin-whitelist/src/ios/CDVNavigationWhitelistPlugin.h
+++ b/plugins/cordova-plugin-whitelist/src/ios/CDVNavigationWhitelistPlugin.h
@@ -20,12 +20,10 @@
 #import <UIKit/UIKit.h>
 #import <Cordova/CDVPlugin.h>
 #import <Cordova/CDVWhitelist.h>
+#import <Cordova/CDVURLRequestFilter.h>
 
-@interface CDVNavigationWhitelistPlugin : CDVPlugin {}
+@interface CDVNavigationWhitelistPlugin : CDVPlugin <CDVURLRequestFilter>{}
 
 @property (nonatomic, readonly, strong) CDVWhitelist* whitelist; // readonly for public
 
-- (BOOL)shouldAllowNavigationToURL:(NSURL *)url;
-- (BOOL)shouldAllowRequestForURL:(NSURL *)url;
-
 @end
diff --git a/plugins/cordova-plugin-whitelist/src/ios/CDVNavigationWhitelistPlugin.m b/plugins/cordova-plugin-whitelist/src/ios/CDVNavigationWhitelistPlugin.m
index 5895e89b..11525f23 100644
--- a/plugins/cordova-plugin-whitelist/src/ios/CDVNavigationWhitelistPlugin.m
+++ b/plugins/cordova-plugin-whitelist/src/ios/CDVNavigationWhitelistPlugin.m
@@ -76,7 +76,7 @@
 - (void)setViewController:(UIViewController *)viewController
 {
     if ([viewController isKindOfClass:[CDVViewController class]]) {
-        CDVWhitelistConfigParser *whitelistConfigParser = [[CDVWhitelistConfigParser alloc] init];
+        CDVNavigationWhitelistConfigParser *whitelistConfigParser = [[CDVNavigationWhitelistConfigParser alloc] init];
         [(CDVViewController *)viewController parseSettingsWithParser:whitelistConfigParser];
         self.whitelist = [[CDVWhitelist alloc] initWithArray:whitelistConfigParser.whitelistHosts];
     }