search

apache / cordova-ios

Apache Cordova iOS
https://cordova.apache.org/
Apache License 2.0
2.15k stars 987 forks source link

one question about CDVAllowList #1291

Open Tang0401 opened 1 year ago

Tang0401 commented 1 year ago

Bug Report

Problem

What is expected to happen?

What does actually happen?

NSRegularExpression parts = [NSRegularExpression regularExpressionWithPattern:@"^((\|[A-Za-z-]+):/?/?)?(((\\.)?[^/:]+)|\)?(:(\d+))?(/.)?" options:0 error:nil]; Some schemes cannot be adding into allowlist, for example, com.12306, openapp.jdmobile. Is thie regularExpression for scheme ((\*|[A-Za-z-]+)) universial?

Information

Command or Code

Environment, Platform, Device

Version information

Checklist

erisu commented 3 months ago

IMO, the regular expression is not universal. It is more strict on what is allowed as a scheme.

Looking at O'Reilly - Extracting the Scheme from a URL, they suggest to use the following regular expression for matching URL parts.

^([a-z][a-z0-9+\-.]*):

Using the above regular expression with following test data:

http://cordova.apache.org
https://cordova.apache.org
org.apache://cordova.foobar

It would identfy that http, https and org.apache are schemes.

In regards to Cordova, I am not sure why a stricter expression was applied.