From 44d9bb0f6a4deff139a1968479030664bf49eff2 Mon Sep 17 00:00:00 2001 From: stevepodell Date: Wed, 4 Apr 2018 08:22:23 -0700 Subject: [PATCH 1/7] InAppBrowser.java: New method isURLWhileListed to check for whitelisting. Newtest in shouldOverrideUrlLoading, to allow whitelisted custom schemes like"mycoolapp://" inappbrowser.js: Added "customscheme" channel. --- src/android/InAppBrowser.java | 88 ++++++++++++++++++++++++----------- www/inappbrowser.js | 1 + 2 files changed, 63 insertions(+), 26 deletions(-) diff --git a/src/android/InAppBrowser.java b/src/android/InAppBrowser.java index 2b0dbe0fa..3a0305708 100644 --- a/src/android/InAppBrowser.java +++ b/src/android/InAppBrowser.java @@ -170,33 +170,10 @@ public void run() { Boolean shouldAllowNavigation = null; if (url.startsWith("javascript:")) { shouldAllowNavigation = true; + } else { + shouldAllowNavigation = isURLWhiteListed(url); } - if (shouldAllowNavigation == null) { - try { - Method iuw = Config.class.getMethod("isUrlWhiteListed", String.class); - shouldAllowNavigation = (Boolean)iuw.invoke(null, url); - } catch (NoSuchMethodException e) { - LOG.d(LOG_TAG, e.getLocalizedMessage()); - } catch (IllegalAccessException e) { - LOG.d(LOG_TAG, e.getLocalizedMessage()); - } catch (InvocationTargetException e) { - LOG.d(LOG_TAG, e.getLocalizedMessage()); - } - } - if (shouldAllowNavigation == null) { - try { - Method gpm = webView.getClass().getMethod("getPluginManager"); - PluginManager pm = (PluginManager)gpm.invoke(webView); - Method san = pm.getClass().getMethod("shouldAllowNavigation", String.class); - shouldAllowNavigation = (Boolean)san.invoke(pm, url); - } catch (NoSuchMethodException e) { - LOG.d(LOG_TAG, e.getLocalizedMessage()); - } catch (IllegalAccessException e) { - LOG.d(LOG_TAG, e.getLocalizedMessage()); - } catch (InvocationTargetException e) { - LOG.d(LOG_TAG, e.getLocalizedMessage()); - } - } + // load in webview if (Boolean.TRUE.equals(shouldAllowNavigation)) { LOG.d(LOG_TAG, "loading in webview"); @@ -302,6 +279,47 @@ public void run() { return true; } + /** + * Is the URL or Scheme WhiteListed + * This code exists for compatibility between 3.x and 4.x versions of Cordova. + * Previously the Config class had a static method, isUrlWhitelisted(). That + * responsibility has been moved to the plugins, with an aggregating method in + * PluginManager. + */ + * @param url, the URL as a String + * @return true if WhiteListed, otherwise null or false + */ + private Boolean isURLWhiteListed(String url) { + Boolean shouldAllowNavigation = null; + if (shouldAllowNavigation == null) { + try { + Method iuw = Config.class.getMethod("isUrlWhiteListed", String.class); + shouldAllowNavigation = (Boolean)iuw.invoke(null, url); + } catch (NoSuchMethodException e) { + LOG.d(LOG_TAG, e.getLocalizedMessage()); + } catch (IllegalAccessException e) { + LOG.d(LOG_TAG, e.getLocalizedMessage()); + } catch (InvocationTargetException e) { + LOG.d(LOG_TAG, e.getLocalizedMessage()); + } + } + if (shouldAllowNavigation == null) { + try { + Method gpm = webView.getClass().getMethod("getPluginManager"); + PluginManager pm = (PluginManager)gpm.invoke(webView); + Method san = pm.getClass().getMethod("shouldAllowNavigation", String.class); + shouldAllowNavigation = (Boolean)san.invoke(pm, url); + } catch (NoSuchMethodException e) { + LOG.d(LOG_TAG, e.getLocalizedMessage()); + } catch (IllegalAccessException e) { + LOG.d(LOG_TAG, e.getLocalizedMessage()); + } catch (InvocationTargetException e) { + LOG.d(LOG_TAG, e.getLocalizedMessage()); + } + } + return shouldAllowNavigation; + } + /** * Called when the view navigates. */ @@ -1110,6 +1128,24 @@ else if (url.startsWith("sms:")) { LOG.e(LOG_TAG, "Error sending sms " + url + ":" + e.toString()); } } + // Test for whitelisted custom scheme names, less than 20 chars long, like mycoolapp: or twitteroauthresponse: (Twitter Oauth Response) + else if (url.matches("^[a-z]{0,20}://.*?$")) { + if (Boolean.TRUE.equals(isURLWhiteListed(url))) { + try { + LOG.w("STEVE IN InAppBrowser.java, whiteliste url SUCCESS: ", url ); + JSONObject obj = new JSONObject(); + obj.put("type", "customscheme"); + obj.put("url", url); + sendUpdate(obj, true); + return true; + } catch (JSONException ex) { + LOG.e(LOG_TAG, "Custom Scheme URI passed in has caused a JSON error."); + } + } else { + LOG.w("STEVE IN InAppBrowser.java, whitelisted url FAILURE: ", url ); + } + } + return false; } diff --git a/www/inappbrowser.js b/www/inappbrowser.js index 7c3e749e8..08f96ab01 100644 --- a/www/inappbrowser.js +++ b/www/inappbrowser.js @@ -36,6 +36,7 @@ 'loadstart': channel.create('loadstart'), 'loadstop': channel.create('loadstop'), 'loaderror': channel.create('loaderror'), + 'customscheme': channel.create('customscheme'), 'exit': channel.create('exit') }; } From a6c7b54998deb1a582c9550f4a4e78fc18e8c137 Mon Sep 17 00:00:00 2001 From: stevepodell Date: Wed, 4 Apr 2018 08:42:00 -0700 Subject: [PATCH 2/7] InAppBrowser.java: New method isURLWhileListed to check for whitelisting. Newtest in shouldOverrideUrlLoading, to allow whitelisted custom schemes like"mycoolapp://" inappbrowser.js: Added "customscheme" channel. --- src/android/InAppBrowser.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/android/InAppBrowser.java b/src/android/InAppBrowser.java index 3a0305708..be75d16f1 100644 --- a/src/android/InAppBrowser.java +++ b/src/android/InAppBrowser.java @@ -285,7 +285,7 @@ public void run() { * Previously the Config class had a static method, isUrlWhitelisted(). That * responsibility has been moved to the plugins, with an aggregating method in * PluginManager. - */ + * * @param url, the URL as a String * @return true if WhiteListed, otherwise null or false */ From 2d69afcd7c30e6ac86ef0d5519af3d12ca3a6252 Mon Sep 17 00:00:00 2001 From: stevepodell Date: Wed, 4 Apr 2018 15:57:13 -0700 Subject: [PATCH 3/7] InAppBrowser.java: New method isURLWhileListed to check for whitelisting. Newtest in shouldOverrideUrlLoading, to allow whitelisted custom schemes like"mycoolapp://" inappbrowser.js: Added "customscheme" channel. --- src/android/InAppBrowser.java | 102 +++++++++++++++------------------- 1 file changed, 45 insertions(+), 57 deletions(-) diff --git a/src/android/InAppBrowser.java b/src/android/InAppBrowser.java index be75d16f1..e53614d60 100644 --- a/src/android/InAppBrowser.java +++ b/src/android/InAppBrowser.java @@ -133,6 +133,7 @@ public class InAppBrowser extends CordovaPlugin { private boolean hideUrlBar = false; private boolean showFooter = false; private String footerColor = ""; + private String[] allowedSchemes; /** * Executes the request and returns PluginResult. @@ -170,10 +171,33 @@ public void run() { Boolean shouldAllowNavigation = null; if (url.startsWith("javascript:")) { shouldAllowNavigation = true; - } else { - shouldAllowNavigation = isURLWhiteListed(url); } - + if (shouldAllowNavigation == null) { + try { + Method iuw = Config.class.getMethod("isUrlWhiteListed", String.class); + shouldAllowNavigation = (Boolean)iuw.invoke(null, url); + } catch (NoSuchMethodException e) { + LOG.d(LOG_TAG, e.getLocalizedMessage()); + } catch (IllegalAccessException e) { + LOG.d(LOG_TAG, e.getLocalizedMessage()); + } catch (InvocationTargetException e) { + LOG.d(LOG_TAG, e.getLocalizedMessage()); + } + } + if (shouldAllowNavigation == null) { + try { + Method gpm = webView.getClass().getMethod("getPluginManager"); + PluginManager pm = (PluginManager)gpm.invoke(webView); + Method san = pm.getClass().getMethod("shouldAllowNavigation", String.class); + shouldAllowNavigation = (Boolean)san.invoke(pm, url); + } catch (NoSuchMethodException e) { + LOG.d(LOG_TAG, e.getLocalizedMessage()); + } catch (IllegalAccessException e) { + LOG.d(LOG_TAG, e.getLocalizedMessage()); + } catch (InvocationTargetException e) { + LOG.d(LOG_TAG, e.getLocalizedMessage()); + } + } // load in webview if (Boolean.TRUE.equals(shouldAllowNavigation)) { LOG.d(LOG_TAG, "loading in webview"); @@ -279,47 +303,6 @@ public void run() { return true; } - /** - * Is the URL or Scheme WhiteListed - * This code exists for compatibility between 3.x and 4.x versions of Cordova. - * Previously the Config class had a static method, isUrlWhitelisted(). That - * responsibility has been moved to the plugins, with an aggregating method in - * PluginManager. - * - * @param url, the URL as a String - * @return true if WhiteListed, otherwise null or false - */ - private Boolean isURLWhiteListed(String url) { - Boolean shouldAllowNavigation = null; - if (shouldAllowNavigation == null) { - try { - Method iuw = Config.class.getMethod("isUrlWhiteListed", String.class); - shouldAllowNavigation = (Boolean)iuw.invoke(null, url); - } catch (NoSuchMethodException e) { - LOG.d(LOG_TAG, e.getLocalizedMessage()); - } catch (IllegalAccessException e) { - LOG.d(LOG_TAG, e.getLocalizedMessage()); - } catch (InvocationTargetException e) { - LOG.d(LOG_TAG, e.getLocalizedMessage()); - } - } - if (shouldAllowNavigation == null) { - try { - Method gpm = webView.getClass().getMethod("getPluginManager"); - PluginManager pm = (PluginManager)gpm.invoke(webView); - Method san = pm.getClass().getMethod("shouldAllowNavigation", String.class); - shouldAllowNavigation = (Boolean)san.invoke(pm, url); - } catch (NoSuchMethodException e) { - LOG.d(LOG_TAG, e.getLocalizedMessage()); - } catch (IllegalAccessException e) { - LOG.d(LOG_TAG, e.getLocalizedMessage()); - } catch (InvocationTargetException e) { - LOG.d(LOG_TAG, e.getLocalizedMessage()); - } - } - return shouldAllowNavigation; - } - /** * Called when the view navigates. */ @@ -1129,20 +1112,25 @@ else if (url.startsWith("sms:")) { } } // Test for whitelisted custom scheme names, less than 20 chars long, like mycoolapp: or twitteroauthresponse: (Twitter Oauth Response) - else if (url.matches("^[a-z]{0,20}://.*?$")) { - if (Boolean.TRUE.equals(isURLWhiteListed(url))) { - try { - LOG.w("STEVE IN InAppBrowser.java, whiteliste url SUCCESS: ", url ); - JSONObject obj = new JSONObject(); - obj.put("type", "customscheme"); - obj.put("url", url); - sendUpdate(obj, true); - return true; - } catch (JSONException ex) { - LOG.e(LOG_TAG, "Custom Scheme URI passed in has caused a JSON error."); + else if (!url.startsWith("http:") && !url.startsWith("https:") && url.matches("^[a-z]{0,20}://.*?$")) { + if (allowedSchemes == null) { + String allowed = preferences.getString("AllowedSchemes", ""); + allowedSchemes = allowed.split(","); + } + if (allowedSchemes != null) { + for (String scheme : allowedSchemes) { + if (url.startsWith(scheme)) { + try { + JSONObject obj = new JSONObject(); + obj.put("type", "customscheme"); + obj.put("url", url); + sendUpdate(obj, true); + return true; + } catch (JSONException ex) { + LOG.e(LOG_TAG, "Custom Scheme URI passed in has caused a JSON error."); + } + } } - } else { - LOG.w("STEVE IN InAppBrowser.java, whitelisted url FAILURE: ", url ); } } From 019ec3963f6b9884a5dd61e1b7565d83e0adfdba Mon Sep 17 00:00:00 2001 From: stevepodell Date: Thu, 5 Apr 2018 10:14:54 -0700 Subject: [PATCH 4/7] InAppBrowser.java: New method isURLWhileListed to check for whitelisting of "AllowedSchemes" in a new preference configuration item. There is a new check in shouldOverrideUrlLoading, to allow whitelisted custom schemes like "mycoolapp://" inappbrowser.js: Added "customscheme" channel. --- src/android/InAppBrowser.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/android/InAppBrowser.java b/src/android/InAppBrowser.java index e53614d60..6682a365c 100644 --- a/src/android/InAppBrowser.java +++ b/src/android/InAppBrowser.java @@ -1111,7 +1111,7 @@ else if (url.startsWith("sms:")) { LOG.e(LOG_TAG, "Error sending sms " + url + ":" + e.toString()); } } - // Test for whitelisted custom scheme names, less than 20 chars long, like mycoolapp: or twitteroauthresponse: (Twitter Oauth Response) + // Test for whitelisted custom scheme names, less than 20 chars long, like mycoolapp:// or twitteroauthresponse:// (Twitter Oauth Response) else if (!url.startsWith("http:") && !url.startsWith("https:") && url.matches("^[a-z]{0,20}://.*?$")) { if (allowedSchemes == null) { String allowed = preferences.getString("AllowedSchemes", ""); From 4c4bee528edcd98a9f8fdad677a9a9938a7c992d Mon Sep 17 00:00:00 2001 From: stevepodell Date: Thu, 5 Apr 2018 10:31:00 -0700 Subject: [PATCH 5/7] InAppBrowser.java: New method isURLWhileListed to check for whitelisting of "AllowedSchemes" in a new preference configuration item. There is a new check in shouldOverrideUrlLoading, to allow whitelisted custom schemes like "mycoolapp://" inappbrowser.js: Added "customscheme" channel. --- src/android/InAppBrowser.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/android/InAppBrowser.java b/src/android/InAppBrowser.java index 6682a365c..2d9c144bd 100644 --- a/src/android/InAppBrowser.java +++ b/src/android/InAppBrowser.java @@ -1111,8 +1111,8 @@ else if (url.startsWith("sms:")) { LOG.e(LOG_TAG, "Error sending sms " + url + ":" + e.toString()); } } - // Test for whitelisted custom scheme names, less than 20 chars long, like mycoolapp:// or twitteroauthresponse:// (Twitter Oauth Response) - else if (!url.startsWith("http:") && !url.startsWith("https:") && url.matches("^[a-z]{0,20}://.*?$")) { + // Test for whitelisted custom scheme names like mycoolapp:// or twitteroauthresponse:// (Twitter Oauth Response) + else if (!url.startsWith("http:") && !url.startsWith("https:") && url.matches("^[a-z]://.*?$")) { if (allowedSchemes == null) { String allowed = preferences.getString("AllowedSchemes", ""); allowedSchemes = allowed.split(","); From 27500c2990249f23c90dbb066ce6312e440e28f5 Mon Sep 17 00:00:00 2001 From: stevepodell Date: Thu, 5 Apr 2018 11:54:32 -0700 Subject: [PATCH 6/7] In file AppBrowser.java: New code within shouldOverrideUrlLoading() to check for whitelisting custom schemes via a new "AllowedSchemes" preference configuration item. Allows custom schemes like "mycoolapp://" or "wevotetwitterscheme://" In file inappbrowser.js: Added new "customscheme" channel. --- src/android/InAppBrowser.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/android/InAppBrowser.java b/src/android/InAppBrowser.java index 2d9c144bd..86a67456e 100644 --- a/src/android/InAppBrowser.java +++ b/src/android/InAppBrowser.java @@ -1112,7 +1112,7 @@ else if (url.startsWith("sms:")) { } } // Test for whitelisted custom scheme names like mycoolapp:// or twitteroauthresponse:// (Twitter Oauth Response) - else if (!url.startsWith("http:") && !url.startsWith("https:") && url.matches("^[a-z]://.*?$")) { + else if (!url.startsWith("http:") && !url.startsWith("https:") && url.matches("^[a-z]*://.*?$")) { if (allowedSchemes == null) { String allowed = preferences.getString("AllowedSchemes", ""); allowedSchemes = allowed.split(","); From 42df2977240fe3cc716c882eaefff9e2048f0705 Mon Sep 17 00:00:00 2001 From: stevepodell Date: Thu, 5 Apr 2018 12:45:02 -0700 Subject: [PATCH 7/7] In file AppBrowser.java: New code within shouldOverrideUrlLoading() to check for whitelisting custom schemes via a new "AllowedSchemes" preference configuration item. Allows custom schemes like "mycoolapp://" or "wevotetwitterscheme://" In file inappbrowser.js: Added new "customscheme" channel. --- src/android/InAppBrowser.java | 2 +- www/inappbrowser.js | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/android/InAppBrowser.java b/src/android/InAppBrowser.java index 86a67456e..9b3388ced 100644 --- a/src/android/InAppBrowser.java +++ b/src/android/InAppBrowser.java @@ -1256,4 +1256,4 @@ public void onReceivedHttpAuthRequest(WebView view, HttpAuthHandler handler, Str super.onReceivedHttpAuthRequest(view, handler, host, realm); } } -} +} \ No newline at end of file diff --git a/www/inappbrowser.js b/www/inappbrowser.js index 08f96ab01..3619f173f 100644 --- a/www/inappbrowser.js +++ b/www/inappbrowser.js @@ -36,8 +36,8 @@ 'loadstart': channel.create('loadstart'), 'loadstop': channel.create('loadstop'), 'loaderror': channel.create('loaderror'), - 'customscheme': channel.create('customscheme'), - 'exit': channel.create('exit') + 'exit': channel.create('exit'), + 'customscheme': channel.create('customscheme') }; }