Skip to content
This repository
Browse code

Merge branch 'issue-2234' into 1.0-stable

  • Loading branch information...
commit 93a1b47bde2a4997a5be4288ac536c02cf56c214 2 parents 2c5de9b + 33add3b
John Bender authored December 15, 2011
20  js/jquery.mobile.navigation.js
@@ -245,6 +245,19 @@
245 245
 					return ( u.hash && ( u.hrefNoHash === documentUrl.hrefNoHash || ( documentBaseDiffers && u.hrefNoHash === documentBase.hrefNoHash ) ) );
246 246
 				}
247 247
 				return (/^#/).test( u.href );
  248
+			},
  249
+
  250
+
  251
+			// Some embedded browsers, like the web view in Phone Gap, allow cross-domain XHR
  252
+			// requests if the document doing the request was loaded via the file:// protocol.
  253
+			// This is usually to allow the application to "phone home" and fetch app specific
  254
+			// data. We normally let the browser handle external/cross-domain urls, but if the
  255
+			// allowCrossDomainPages option is true, we will allow cross-domain http/https
  256
+			// requests to go through our page loading logic.
  257
+			isPermittedCrossDomainRequest: function( docUrl, reqUrl ) {
  258
+				return $.mobile.allowCrossDomainPages
  259
+					&& docUrl.protocol === "file:"
  260
+					&& reqUrl.search( /^https?:/ ) != -1;
248 261
 			}
249 262
 		},
250 263
 
@@ -1220,7 +1233,6 @@
1220 1233
 		return path.makeUrlAbsolute( url, base);
1221 1234
 	}
1222 1235
 
1223  
-
1224 1236
 	//The following event bindings should be bound after mobileinit has been triggered
1225 1237
 	//the following function is called in the init file
1226 1238
 	$.mobile._registerInternalEvents = function(){
@@ -1256,8 +1268,7 @@
1256 1268
 
1257 1269
 			url = path.makeUrlAbsolute(  url, getClosestBaseUrl($this) );
1258 1270
 
1259  
-			//external submits use regular HTTP
1260  
-			if( path.isExternal( url ) || target ) {
  1271
+			if(( path.isExternal( url ) && !path.isPermittedCrossDomainRequest(documentUrl, url)) || target ) {
1261 1272
 				return;
1262 1273
 			}
1263 1274
 
@@ -1365,12 +1376,11 @@
1365 1376
 				// data. We normally let the browser handle external/cross-domain urls, but if the
1366 1377
 				// allowCrossDomainPages option is true, we will allow cross-domain http/https
1367 1378
 				// requests to go through our page loading logic.
1368  
-				isCrossDomainPageLoad = ( $.mobile.allowCrossDomainPages && documentUrl.protocol === "file:" && href.search( /^https?:/ ) != -1 ),
1369 1379
 
1370 1380
 				//check for protocol or rel and its not an embedded page
1371 1381
 				//TODO overlap in logic from isExternal, rel=external check should be
1372 1382
 				//     moved into more comprehensive isExternalLink
1373  
-				isExternal = useDefaultUrlHandling || ( path.isExternal( href ) && !isCrossDomainPageLoad );
  1383
+				isExternal = useDefaultUrlHandling || ( path.isExternal( href ) && !path.isPermittedCrossDomainRequest(documentUrl, href) );
1374 1384
 
1375 1385
 			if( isExternal ) {
1376 1386
 				httpCleanup();
15  tests/unit/navigation/navigation_helpers.js
@@ -215,4 +215,19 @@
215 215
 		same( $.mobile.path.cleanHash( "#anything/atall?akjfdjjf" ), "anything/atall", "removes query param");
216 216
 		same( $.mobile.path.cleanHash( "#nothing/atall" ), "nothing/atall", "removes query param");
217 217
 	});
  218
+
  219
+	test( "path.isPermittedCrossDomainRequest", function() {
  220
+		var fileDocUrl = $.mobile.path.parseUrl( "file://foo" );
  221
+
  222
+		$.mobile.allowCrossDomainPages = false;
  223
+		same( $.mobile.path.isPermittedCrossDomainRequest( "foo",  "bar"), false, "always false from the setting");
  224
+
  225
+
  226
+		$.mobile.allowCrossDomainPages = true;
  227
+		// test the two states of the file protocol logic
  228
+		same( $.mobile.path.isPermittedCrossDomainRequest( fileDocUrl,  "http://bar.com/foo"), true, "external url from file protocol succeeds");
  229
+
  230
+		same( $.mobile.path.isPermittedCrossDomainRequest( fileDocUrl,  "file://foo"), false, "two file protocol urls fail");
  231
+
  232
+	});
218 233
 })(jQuery);

0 notes on commit 93a1b47

Please sign in to comment.
Something went wrong with that request. Please try again.