storesafe / cordova-sqlite-storage

A Cordova/PhoneGap plugin to open and use sqlite databases on Android, iOS and Windows with HTML5/Web SQL API

Any security concerns using the `InAppBrowserStorageEnabled` config preference #983

Open CodeWithOz opened 2 years ago

CodeWithOz commented 2 years ago

Hi, I came across this `InAppBrowserStorageEnabled` setting in the cordova config docs that's turned on by default. The description states that it:

> Controls whether pages opened within an InAppBrowser can access the same localStorage and WebSQL storage as pages opened with the default browser.

The default value is true. Are there any security concerns that an in app browser webpage may be able to access the data saved in sqlite for my app? Thanks.

brodybits commented 2 years ago

My understanding is that a web page running in InAppBrowser should not be able to access this or any other plugin. But I would highly recommend you ask this question in the Cordova Slack channel or Stack Overflow. A major bonus would be to check if this is documented in Cordova itself.