
Prevent malformed callbackId from reaching app cordova view

purplecabbage committed Feb 28, 2019
1 parent 92243cd commit 686108484e6a7c1a316d7c6bc869c209c46d27e3
Showing with 8 additions and 3 deletions.
  1. +8 −3 src/android/InAppChromeClient.java
@@ -104,7 +104,7 @@ public boolean onJsPrompt(WebView view, String url, String message, String defau
if(defaultValue.startsWith("gap-iab://")) {
PluginResult scriptResult;
String scriptCallbackId = defaultValue.substring(10);
if (scriptCallbackId.startsWith("InAppBrowser")) {
if (scriptCallbackId.matches("^InAppBrowser[0-9]{1,10}$")) {
if(message == null || message.length() == 0) {
scriptResult = new PluginResult(PluginResult.Status.OK, new JSONArray());
} else {
@@ -118,9 +118,14 @@ public boolean onJsPrompt(WebView view, String url, String message, String defau
result.confirm("");
return true;
}
else {
// Anything else that doesn't look like InAppBrowser0123456789 should end up here
LOG.w(LOG_TAG, "InAppBrowser callback called with invalid callbackId : "+ scriptCallbackId);
result.cancel();
return true;
}
}
else
{
else {
// Anything else with a gap: prefix should get this message
LOG.w(LOG_TAG, "InAppBrowser does not support Cordova API calls: " + url + " " + defaultValue);
result.cancel();
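Review bot: The new `else` branch in the second hunk writes the rejected `scriptCallbackId` verbatim into the warning log, and that string is taken from the `defaultValue` of a prompt raised by the page loaded in the in-app browser, so that page controls its length and content, including line breaks. Logging a bounded, neutral description instead keeps an untrusted page from flooding or forging log lines, for example `LOG.w(LOG_TAG, "InAppBrowser callback called with invalid callbackId (length " + scriptCallbackId.length() + ")");`. The existing warning in the final `else`, which concatenates `url` and `defaultValue`, has the same property. Separately, `String.matches` already requires the whole string to match, so the `^` and `$` in the first hunk are redundant, and the pattern could be compiled once as a `static final Pattern` rather than on every prompt. `onJsPrompt` starts and ends outside the visible hunks, so any null check on `defaultValue` cannot be confirmed from here.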
