Closed terje closed 3 years ago
:exclamation: No coverage uploaded for pull request base (
master@e92f653
). Click here to learn what that means. The diff coverage isn/a
.
@@ Coverage Diff @@
## master #1023 +/- ##
=========================================
Coverage ? 74.91%
=========================================
Files ? 13
Lines ? 1718
Branches ? 0
=========================================
Hits ? 1287
Misses ? 431
Partials ? 0
Impacted Files | Coverage Δ | |
---|---|---|
bin/templates/scripts/cordova/lib/PodsJson.js | 95.04% <0.00%> (ø) |
|
bin/templates/scripts/cordova/Api.js | 71.53% <0.00%> (ø) |
|
bin/templates/scripts/cordova/lib/prepare.js | 85.00% <0.00%> (ø) |
|
bin/templates/scripts/cordova/lib/check_reqs.js | 46.93% <0.00%> (ø) |
|
...emplates/scripts/cordova/lib/listEmulatorImages.js | 100.00% <0.00%> (ø) |
|
...ates/scripts/cordova/lib/plugman/pluginHandlers.js | 90.05% <0.00%> (ø) |
|
bin/templates/scripts/cordova/lib/Podfile.js | 73.20% <0.00%> (ø) |
|
bin/templates/scripts/cordova/lib/versions.js | 100.00% <0.00%> (ø) |
|
bin/templates/scripts/cordova/lib/listDevices.js | 100.00% <0.00%> (ø) |
|
bin/templates/scripts/cordova/lib/build.js | 51.87% <0.00%> (ø) |
|
... and 3 more |
Continue to review full report at Codecov.
Legend - Click here to learn more
Δ = absolute <relative> (impact)
,ø = not affected
,? = missing data
Powered by Codecov. Last update e92f653...7dd26bf. Read the comment docs.
Platforms affected
Cordova iOS
Motivation and Context
The PR that dropped UIWebView in favour of WKWebView (https://github.com/apache/cordova-ios/pull/773) introduced a bug that makes it so that iframe loads potentially jump out of the app and to Safari.
The current behavior is a problem for instance with Google Tag Manager. GTM might insert an iframe on the page with a source of
https://adservice.google.com
, or indeed any other country Google domain, depending on where the user is. This request would be sent out from the app and to Safari with the current implementation. Since the country domain might vary, it is impossible to approve this navigation in the<allow-navigation />
list in order to keep it within the app.Description
This PR reinstates a verification that if the navigation type is
other
(for instance an iframe) we verify that the navigation is actually happening in the main URL bar and not in an iframe before allowing the URL to be forwarded out of the app.Testing
I have made this change in my own app and verified that the behavior is the same as with Cordova iOS 5, before this change was introduced in Cordova iOS 6.
This issue seems very similar: #988
I have not added tests for this change. This plugin has no tests covering it today.
Checklist
(platform)
if this change only applies to one platform (e.g.(android)
)