Prevent malformed callbackId from reaching app cordova view
purplecabbage committed Feb 28, 2019
1 parent 92243cd commit 6861084
Showing 1 changed file with 8 additions and 3 deletions.
11 changes: 8 additions & 3 deletions src/android/InAppChromeClient.java
@@ -104,7 +104,7 @@ public boolean onJsPrompt(WebView view, String url, String message, String defau
if(defaultValue.startsWith("gap-iab://")) {
PluginResult scriptResult;
String scriptCallbackId = defaultValue.substring(10);
if (scriptCallbackId.startsWith("InAppBrowser")) {
if (scriptCallbackId.matches("^InAppBrowser[0-9]{1,10}$")) {
if(message == null || message.length() == 0) {
scriptResult = new PluginResult(PluginResult.Status.OK, new JSONArray());
} else {
@@ -118,9 +118,14 @@ public boolean onJsPrompt(WebView view, String url, String message, String defau
result.confirm("");
return true;
}
else {
// Anything else that doesn't look like InAppBrowser0123456789 should end up here
LOG.w(LOG_TAG, "InAppBrowser callback called with invalid callbackId : "+ scriptCallbackId);
result.cancel();
return true;
}
}
else
{
else {
// Anything else with a gap: prefix should get this message
LOG.w(LOG_TAG, "InAppBrowser does not support Cordova API calls: " + url + " " + defaultValue);
result.cancel();
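Review bot: The new inner else branch logs the rejected `scriptCallbackId` verbatim, and that string is the tail of the `defaultValue` supplied by a prompt from the page loaded in the InAppBrowser, so remote content appears to control both the length and the characters (line breaks included) of the log entry. Logging a bounded form keeps the diagnostic without letting page content shape log output, for example `LOG.w(LOG_TAG, "InAppBrowser callback called with invalid callbackId, length " + scriptCallbackId.length());`. The same concern applies to the existing `url + " " + defaultValue` warning in the outer else. As a smaller style point, `String.matches` already requires the whole string to match, so the `^` and `$` anchors are redundant, and the pattern could be a precompiled `static final Pattern` rather than being recompiled on every prompt. onJsPrompt starts and ends outside the lines shown.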