Merge branch 'master' into 1.3.x
# Conflicts:
# RELEASENOTES.md
# package.json
# plugin.xml
diff --git a/.asf.yaml b/.asf.yaml
new file mode 100644
index 0000000..4238892
--- /dev/null
+++ b/.asf.yaml
@@ -0,0 +1,26 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+
+github:
+ description: "[DEPRECATED] Apache Cordova - Whitelist Plugin"
+
+notifications:
+ commits: commits@cordova.apache.org
+ issues: issues@cordova.apache.org
+ pullrequests_status: issues@cordova.apache.org
+ pullrequests_comment: issues@cordova.apache.org
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..07764a7
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1 @@
+* text eol=lf
\ No newline at end of file
diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md
new file mode 100644
index 0000000..3220c25
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE.md
@@ -0,0 +1,42 @@
+<!--
+Please have a look at the issue templates you get when you click "New issue" in the GitHub UI.
+We very much prefer issues created by using one of these templates.
+-->
+
+### Issue Type
+<!-- Please check the boxes by putting an x in the [ ] like so: [x] -->
+
+- [ ] Bug Report
+- [ ] Feature Request
+- [ ] Support Question
+
+## Description
+
+## Information
+<!-- Include all relevant information that might help understand and reproduce the problem -->
+
+### Command or Code
+<!-- What command or code is needed to reproduce the problem? -->
+
+### Environment, Platform, Device
+<!-- In what environment, on what platform or on which device are you experiencing the issue? -->
+
+
+
+### Version information
+<!--
+What are relevant versions you are using?
+For example:
+Cordova: Cordova CLI, Cordova Platforms, Cordova Plugins
+Other Frameworks: Ionic Framework and CLI version
+Operating System, Android Studio, Xcode etc.
+-->
+
+
+
+## Checklist
+<!-- Please check the boxes by putting an `x` in the `[ ]` like so: `[x]` -->
+
+- [ ] I searched for already existing GitHub issues about this
+- [ ] I updated all Cordova tooling to their most recent version
+- [ ] I included all the necessary information above
diff --git a/.github/ISSUE_TEMPLATE/BUG_REPORT.md b/.github/ISSUE_TEMPLATE/BUG_REPORT.md
new file mode 100644
index 0000000..bd8a3ac
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/BUG_REPORT.md
@@ -0,0 +1,50 @@
+---
+name: 🐛 Bug Report
+about: If something isn't working as expected.
+
+---
+
+# Bug Report
+
+## Problem
+
+### What is expected to happen?
+
+
+
+### What does actually happen?
+
+
+
+## Information
+<!-- Include all relevant information that might help understand and reproduce the problem -->
+
+
+
+### Command or Code
+<!-- What command or code is needed to reproduce the problem? -->
+
+
+
+### Environment, Platform, Device
+<!-- In what environment, on what platform or on which device are you experiencing the issue? -->
+
+
+
+### Version information
+<!--
+What are relevant versions you are using?
+For example:
+Cordova: Cordova CLI, Cordova Platforms, Cordova Plugins
+Other Frameworks: Ionic Framework and CLI version
+Operating System, Android Studio, Xcode etc.
+-->
+
+
+
+## Checklist
+<!-- Please check the boxes by putting an x in the [ ] like so: [x] -->
+
+- [ ] I searched for existing GitHub issues
+- [ ] I updated all Cordova tooling to most recent version
+- [ ] I included all the necessary information above
diff --git a/.github/ISSUE_TEMPLATE/FEATURE_REQUEST.md b/.github/ISSUE_TEMPLATE/FEATURE_REQUEST.md
new file mode 100644
index 0000000..381fc8a
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/FEATURE_REQUEST.md
@@ -0,0 +1,29 @@
+---
+name: 🚀 Feature Request
+about: A suggestion for a new functionality
+
+---
+
+# Feature Request
+
+## Motivation Behind Feature
+<!-- Why should this feature be implemented? What problem does it solve? -->
+
+
+
+## Feature Description
+<!--
+Describe your feature request in detail
+Please provide any code examples or screenshots of what this feature would look like
+Are there any drawbacks? Will this break anything for existing users?
+-->
+
+
+
+## Alternatives or Workarounds
+<!--
+Describe alternatives or workarounds you are currently using
+Are there ways to do this with existing functionality?
+-->
+
+
diff --git a/.github/ISSUE_TEMPLATE/SUPPORT_QUESTION.md b/.github/ISSUE_TEMPLATE/SUPPORT_QUESTION.md
new file mode 100644
index 0000000..516c6e6
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/SUPPORT_QUESTION.md
@@ -0,0 +1,27 @@
+---
+name: 💬 Support Question
+about: If you have a question, please check out our Slack or StackOverflow!
+
+---
+
+<!------------^ Click "Preview" for a nicer view! -->
+
+Apache Cordova uses GitHub Issues as a feature request and bug tracker _only_.
+For usage and support questions, please check out the resources below. Thanks!
+
+---
+
+You can get answers to your usage and support questions about **Apache Cordova** on:
+
+* Slack Community Chat: https://cordova.slack.com (you can sign-up at http://slack.cordova.io/)
+* StackOverflow: https://stackoverflow.com/questions/tagged/cordova using the tag `cordova`
+
+---
+
+If you are using a tool that uses Cordova internally, like e.g. Ionic, check their support channels:
+
+* **Ionic Framework**
+ * [Ionic Community Forum](https://forum.ionicframework.com/)
+ * [Ionic Worldwide Slack](https://ionicworldwide.herokuapp.com/)
+* **PhoneGap**
+ * [PhoneGap Developer Community](https://forums.adobe.com/community/phonegap)
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
index 91582f4..712b2ff 100644
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -1,6 +1,5 @@
<!--
-Please make sure the checklist boxes are all checked before submitting the PR. The checklist
-is intended as a quick reference, for complete details please see our Contributor Guidelines:
+Please make sure the checklist boxes are all checked before submitting the PR. The checklist is intended as a quick reference, for complete details please see our Contributor Guidelines:
http://cordova.apache.org/contribute/contribute_guidelines.html
@@ -10,13 +9,27 @@
### Platforms affected
-### What does this PR do?
+
+### Motivation and Context
+<!-- Why is this change required? What problem does it solve? -->
+<!-- If it fixes an open issue, please link to the issue here. -->
-### What testing has been done on this change?
+
+### Description
+<!-- Describe your changes in detail -->
+
+
+
+### Testing
+<!-- Please describe in detail how you tested your changes. -->
+
### Checklist
-- [ ] [Reported an issue](http://cordova.apache.org/contribute/issues.html) in the JIRA database
-- [ ] Commit message follows the format: "CB-3232: (android) Fix bug with resolving file paths", where CB-xxxx is the JIRA ID & "android" is the platform affected.
-- [ ] Added automated test coverage as appropriate for this change.
+
+- [ ] I've run the tests to see all new and existing tests pass
+- [ ] I added automated test coverage as appropriate for this change
+- [ ] Commit is prefixed with `(platform)` if this change only applies to one platform (e.g. `(android)`)
+- [ ] If this Pull Request resolves an issue, I linked to the issue in the text above (and used the correct [keyword to close issues using keywords](https://help.github.com/articles/closing-issues-using-keywords/))
+- [ ] I've updated the documentation if necessary
diff --git a/.npmignore b/.npmignore
new file mode 100644
index 0000000..45e3c38
--- /dev/null
+++ b/.npmignore
@@ -0,0 +1,3 @@
+.*
+appveyor.yml
+tests
diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 0000000..930ea27
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,119 @@
+# This Travis configuration file is built after a Cordova Paramedic
+# specific template with minimal modifications and adaptations:
+# https://github.com/apache/cordova-paramedic/blob/master/.travis.yml
+
+sudo: false
+
+addons:
+ jwt:
+ # SAUCE_ACCESS_KEY
+ secure: "lXoPl/RjXnA5FocMLhpA4nFtzH/VaX6oMDG4H/uNAKBusTpQiVmmnXkZhv6ERsuuHHMUfZn/29m2On1J4hv8x+u5XpBjkTe0/5umYARTuyWXfnMmILNVNKZr7qmaiFBXI1LrnEoNqgbKR1ZqoN6bMrPZEWRr7AFVgwkRsWRoeTc="
+
+env:
+ global:
+ - SAUCE_USERNAME=snay
+ - TRAVIS_NODE_VERSION=12
+ - ANDROID_API_LEVEL=29
+ - ANDROID_BUILD_TOOLS_VERSION=29.0.2
+
+language: node_js
+node_js: 14
+
+# yaml anchor/alias: https://medium.com/@tommyvn/travis-yml-dry-with-anchors-8b6a3ac1b027
+
+_ios: &_ios
+ os: osx
+ osx_image: xcode11.6
+
+_android: &_android
+ language: android
+ os: linux
+ jdk: oraclejdk8
+ android:
+ components:
+ - tools
+ - build-tools-$ANDROID_BUILD_TOOLS_VERSION
+ - android-$ANDROID_API_LEVEL
+ licenses:
+ - "android-sdk-preview-license-.+"
+ - "android-sdk-license-.+"
+ - "google-gdk-license-.+"
+
+matrix:
+ include:
+ # local tests, without saucelabs
+ - env: PLATFORM=local/browser
+ <<: *_ios
+ - env: PLATFORM=local/ios-10.0
+ <<: *_ios
+
+ # many tests with saucelabs
+ - env: PLATFORM=browser-chrome
+ - env: PLATFORM=browser-firefox
+ - env: PLATFORM=browser-safari
+ - env: PLATFORM=browser-edge
+
+ - env: PLATFORM=ios-11.3
+ <<: *_ios
+ - env: PLATFORM=ios-12.0
+ <<: *_ios
+ - env: PLATFORM=ios-12.2
+ <<: *_ios
+
+ - env: PLATFORM=android-6.0
+ <<: *_android
+ - env: PLATFORM=android-7.0
+ <<: *_android
+ - env: PLATFORM=android-7.1
+ <<: *_android
+ - env: PLATFORM=android-8.0
+ <<: *_android
+ - env: PLATFORM=android-8.1
+ <<: *_android
+ - env: PLATFORM=android-9.0
+ <<: *_android
+
+before_install:
+ # manually install Node for `language: android`
+ - if [[ "$PLATFORM" =~ android ]]; then nvm install $TRAVIS_NODE_VERSION; fi
+ - node --version
+ - if [[ "$PLATFORM" =~ android ]]; then gradle --version; fi
+ - if [[ "$PLATFORM" =~ ios ]]; then npm install -g ios-deploy; fi
+ - npm install -g cordova
+ # install paramedic if not running on paramedic repo
+ - if ! [[ "$TRAVIS_REPO_SLUG" =~ cordova-paramedic ]]; then npm install -g github:apache/cordova-paramedic; fi
+
+install:
+ - npm install
+
+before_script:
+ - |
+ if [[ "$TRAVIS_REPO_SLUG" =~ cordova-paramedic ]]; then
+ # when used in the cordova-paramedic repo
+ TEST_COMMAND="npm run eslint"
+ PARAMEDIC_PLUGIN_TO_TEST="./spec/testable-plugin/"
+ PARAMEDIC_COMMAND="node main.js"
+ else
+ # when used in any other (plugin) repo
+ TEST_COMMAND="npm test"
+ PARAMEDIC_PLUGIN_TO_TEST=$(pwd)
+ PARAMEDIC_COMMAND="cordova-paramedic"
+ fi
+ - PARAMEDIC_BUILDNAME=travis-$TRAVIS_REPO_SLUG-$TRAVIS_JOB_NUMBER
+ - |
+ echo "Variables now are set to:"
+ echo "TEST_COMMAND=$TEST_COMMAND"
+ echo "ADDITIONAL_TESTS=$ADDITIONAL_TESTS"
+ echo "PARAMEDIC_COMMAND=$PARAMEDIC_COMMAND"
+ echo "PLATFORM=$PLATFORM"
+ echo "PARAMEDIC_PLUGIN_TO_TEST=$PARAMEDIC_PLUGIN_TO_TEST"
+ echo "PARAMEDIC_BUILDNAME=$PARAMEDIC_BUILDNAME"
+
+script:
+ - $TEST_COMMAND
+ - |
+ if [[ "$ADDITIONAL_TESTS_DIR" != "" ]]; then
+ cd $ADDITIONAL_TESTS_DIR && npm install && npm test;
+ else
+ $PARAMEDIC_COMMAND --config ./pr/$PLATFORM --plugin $PARAMEDIC_PLUGIN_TO_TEST --buildName $PARAMEDIC_BUILDNAME;
+ fi
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 7de4c64..21a93d7 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -25,13 +25,13 @@
There are multiple ways to contribute: report bugs, improve the docs, and
contribute code.
-
+
For instructions on this, start with the
[contribution overview](http://cordova.apache.org/contribute/).
The details are explained there, but the important items are:
- - Sign and submit an Apache ICLA (Contributor License Agreement).
- - Have a Jira issue open that corresponds to your contribution.
+ - Check for Github issues that corresponds to your contribution and link or create them if necessary.
- Run the tests so your patch doesn't break existing functionality.
We look forward to your contributions!
+
diff --git a/README.md b/README.md
index e19d230..bcee926 100644
--- a/README.md
+++ b/README.md
@@ -25,7 +25,15 @@
This plugin implements a whitelist policy for navigating the application webview on Cordova 4.0
-:warning: Report issues on the [Apache Cordova issue tracker](https://issues.apache.org/jira/issues/?jql=project%20%3D%20CB%20AND%20status%20in%20%28Open%2C%20%22In%20Progress%22%2C%20Reopened%29%20AND%20resolution%20%3D%20Unresolved%20AND%20component%20%3D%20%22Plugin%20Whitelist%22%20ORDER%20BY%20priority%20DESC%2C%20summary%20ASC%2C%20updatedDate%20DESC)
+### Deprecation Notice
+
+With the Allow List functionality now integrated into the core of Cordova Android (10.x and greater), this plugin is no longer required.
+
+Existing projects using Cordova Android 10 or greater should remove this plugin with the following command:
+
+```bash
+cordova plugin rm cordova-plugin-whitelist
+```
## Installation
@@ -41,95 +49,107 @@
* Android 4.0.0 or above
## Navigation Whitelist
+
Controls which URLs the WebView itself can be navigated to. Applies to
top-level navigations only.
+By default navigations are only allowed to `file://` URLs. To allow others URLs, you must add `<allow-navigation>` tags to your `config.xml`:
+
+```xml
+<!-- Allow links to example.com -->
+<allow-navigation href="http://example.com/*" />
+
+<!-- Wildcards are allowed for the protocol, as a prefix
+ to the host, or as a suffix to the path -->
+<allow-navigation href="*://*.example.com/*" />
+
+<!-- A wildcard can be used to whitelist the entire network,
+ over HTTP and HTTPS.
+ *NOT RECOMMENDED* -->
+<allow-navigation href="*" />
+
+<!-- The above is equivalent to these three declarations -->
+<allow-navigation href="http://*/*" />
+<allow-navigation href="https://*/*" />
+<allow-navigation href="data:*" />
+```
+
Quirks: on Android it also applies to iframes for non-http(s) schemes.
-By default, navigations only to `file://` URLs, are allowed. To allow others URLs, you must add `<allow-navigation>` tags to your `config.xml`:
-
- <!-- Allow links to example.com -->
- <allow-navigation href="http://example.com/*" />
-
- <!-- Wildcards are allowed for the protocol, as a prefix
- to the host, or as a suffix to the path -->
- <allow-navigation href="*://*.example.com/*" />
-
- <!-- A wildcard can be used to whitelist the entire network,
- over HTTP and HTTPS.
- *NOT RECOMMENDED* -->
- <allow-navigation href="*" />
-
- <!-- The above is equivalent to these three declarations -->
- <allow-navigation href="http://*/*" />
- <allow-navigation href="https://*/*" />
- <allow-navigation href="data:*" />
-
## Intent Whitelist
+
Controls which URLs the app is allowed to ask the system to open.
-By default, no external URLs are allowed.
+
+In `config.xml`, add `<allow-intent>` tags, like this:
+
+```xml
+<!-- Allow links to web pages to open in a browser -->
+<allow-intent href="http://*/*" />
+<allow-intent href="https://*/*" />
+
+<!-- Allow links to example.com to open in a browser -->
+<allow-intent href="http://example.com/*" />
+
+<!-- Wildcards are allowed for the protocol, as a prefix
+ to the host, or as a suffix to the path -->
+<allow-intent href="*://*.example.com/*" />
+
+<!-- Allow SMS links to open messaging app -->
+<allow-intent href="sms:*" />
+
+<!-- Allow tel: links to open the dialer -->
+<allow-intent href="tel:*" />
+
+<!-- Allow geo: links to open maps -->
+<allow-intent href="geo:*" />
+
+<!-- Allow all unrecognized URLs to open installed apps
+ *NOT RECOMMENDED* -->
+<allow-intent href="*" />
+```
+
+Without any `<allow-intent>` tags, no requests to external URLs are allowed. However, the default Cordova application includes a quite liberal set of `allow-intent` entries by default. It is advised to narrow this down based on each app's needs.
On Android, this equates to sending an intent of type BROWSEABLE.
This whitelist does not apply to plugins, only hyperlinks and calls to `window.open()`.
-In `config.xml`, add `<allow-intent>` tags, like this:
-
- <!-- Allow links to web pages to open in a browser -->
- <allow-intent href="http://*/*" />
- <allow-intent href="https://*/*" />
-
- <!-- Allow links to example.com to open in a browser -->
- <allow-intent href="http://example.com/*" />
-
- <!-- Wildcards are allowed for the protocol, as a prefix
- to the host, or as a suffix to the path -->
- <allow-intent href="*://*.example.com/*" />
-
- <!-- Allow SMS links to open messaging app -->
- <allow-intent href="sms:*" />
-
- <!-- Allow tel: links to open the dialer -->
- <allow-intent href="tel:*" />
-
- <!-- Allow geo: links to open maps -->
- <allow-intent href="geo:*" />
-
- <!-- Allow all unrecognized URLs to open installed apps
- *NOT RECOMMENDED* -->
- <allow-intent href="*" />
+Note: `allow-navigation` takes precedence over `allow-intent`. Allowing navigation to all URLs with `<allow-navigation href="*" />` for example has the side effect of "capturing" all intents, so the webview navigates to them instead of triggering e.g. external apps.
## Network Request Whitelist
+
Controls which network requests (images, XHRs, etc) are allowed to be made (via cordova native hooks).
Note: We suggest you use a Content Security Policy (see below), which is more secure. This whitelist is mostly historical for webviews which do not support CSP.
In `config.xml`, add `<access>` tags, like this:
- <!-- Allow images, xhrs, etc. to google.com -->
- <access origin="http://google.com" />
- <access origin="https://google.com" />
+```xml
+<!-- Allow images, xhrs, etc. to google.com -->
+<access origin="http://google.com" />
+<access origin="https://google.com" />
- <!-- Access to the subdomain maps.google.com -->
- <access origin="http://maps.google.com" />
+<!-- Access to the subdomain maps.google.com -->
+<access origin="http://maps.google.com" />
- <!-- Access to all the subdomains on google.com -->
- <access origin="http://*.google.com" />
+<!-- Access to all the subdomains on google.com -->
+<access origin="http://*.google.com" />
- <!-- Enable requests to content: URLs -->
- <access origin="content:///*" />
+<!-- Enable requests to content: URLs -->
+<access origin="content:///*" />
- <!-- Don't block any requests -->
- <access origin="*" />
+<!-- Don't block any requests -->
+<access origin="*" />
+```
Without any `<access>` tags, only requests to `file://` URLs are allowed. However, the default Cordova application includes `<access origin="*">` by default.
-
Note: Whitelist cannot block network redirects from a whitelisted remote website (i.e. http or https) to a non-whitelisted website. Use CSP rules to mitigate redirects to non-whitelisted websites for webviews that support CSP.
Quirk: Android also allows requests to https://ssl.gstatic.com/accessibility/javascript/android/ by default, since this is required for TalkBack to function properly.
### Content Security Policy
+
Controls which network requests (images, XHRs, etc) are allowed to be made (via webview directly).
On Android and iOS, the network request whitelist (see above) is not able to filter all types of requests (e.g. `<video>` & WebSockets are not blocked). So, in addition to the whitelist, you should use a [Content Security Policy](http://content-security-policy.com/) `<meta>` tag on all of your pages.
@@ -138,26 +158,28 @@
Here are some example CSP declarations for your `.html` pages:
- <!-- Good default declaration:
- * gap: is required only on iOS (when using UIWebView) and is needed for JS->native communication
- * https://ssl.gstatic.com is required only on Android and is needed for TalkBack to function properly
- * Disables use of eval() and inline scripts in order to mitigate risk of XSS vulnerabilities. To change this:
- * Enable inline JS: add 'unsafe-inline' to default-src
- * Enable eval(): add 'unsafe-eval' to default-src
- -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com; style-src 'self' 'unsafe-inline'; media-src *">
+```html
+<!-- Good default declaration:
+ * gap: is required only on iOS (when using UIWebView) and is needed for JS->native communication
+ * https://ssl.gstatic.com is required only on Android and is needed for TalkBack to function properly
+ * Disables use of eval() and inline scripts in order to mitigate risk of XSS vulnerabilities. To change this:
+ * Enable inline JS: add 'unsafe-inline' to default-src
+ * Enable eval(): add 'unsafe-eval' to default-src
+-->
+<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com; style-src 'self' 'unsafe-inline'; media-src *">
- <!-- Allow everything but only from the same origin and foo.com -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self' foo.com">
+<!-- Allow everything but only from the same origin and foo.com -->
+<meta http-equiv="Content-Security-Policy" content="default-src 'self' foo.com">
- <!-- This policy allows everything (eg CSS, AJAX, object, frame, media, etc) except that
- * CSS only from the same origin and inline styles,
- * scripts only from the same origin and inline styles, and eval()
- -->
- <meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
+<!-- This policy allows everything (eg CSS, AJAX, object, frame, media, etc) except that
+ * CSS only from the same origin and inline styles,
+ * scripts only from the same origin and inline styles, and eval()
+-->
+<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
- <!-- Allows XHRs only over HTTPS on the same domain. -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self' https:">
+<!-- Allows XHRs only over HTTPS on the same domain. -->
+<meta http-equiv="Content-Security-Policy" content="default-src 'self' https:">
- <!-- Allow iframe to https://cordova.apache.org/ -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self'; frame-src 'self' https://cordova.apache.org">
+<!-- Allow iframe to https://cordova.apache.org/ -->
+<meta http-equiv="Content-Security-Policy" content="default-src 'self'; frame-src 'self' https://cordova.apache.org">
+```
diff --git a/RELEASENOTES.md b/RELEASENOTES.md
index 2eb693f..b6e000c 100644
--- a/RELEASENOTES.md
+++ b/RELEASENOTES.md
@@ -20,6 +20,35 @@
-->
# Release Notes
+### 1.3.5 (Jun 26, 2021)
+- fix: lock next patch release to `cordova-android` <10 (#62)
+- breaking: deprecate plugin (#59)
+- ci: add node-14.x to workflow (#58)
+- chore: clean up `package.json` (#56)
+- ci(travis): update osx xcode image (#55)
+- ci(travis): updates **Android*- API level (#54)
+- chore(asf): update git notification settings
+- Update CONTRIBUTING.md
+- ci: updates Node.js version (#52)
+- chore(npm): improve ignore list (#51)
+- docs: apply syntax highlighting to code samples (#48)
+- ci: upgrade to node 8
+
+### 1.3.4 (Jun 19, 2019)
+
+- chore: manually fix lines breaks to LF ([`d804ef2`](https://github.com/apache/cordova-plugin-whitelist/commit/d804ef2))
+- build: add `.gitattributes` to force LF (instead of possible CRLF on Windows) ([`ed0206b`](https://github.com/apache/cordova-plugin-whitelist/commit/ed0206b))
+- build: add `.npmignore` to remove unneeded files from npm package ([`bf8fea5`](https://github.com/apache/cordova-plugin-whitelist/commit/bf8fea5))
+- test,ci(travis): Tests (extracted from cordova-mobile-spec) ([#38](https://github.com/apache/cordova-plugin-whitelist/issues/38)) ([`e4f17b0`](https://github.com/apache/cordova-plugin-whitelist/commit/e4f17b0))
+- docs: Added information on allow-navigation preceding allow-intent ([#41](https://github.com/apache/cordova-plugin-whitelist/issues/41)) ([`7725fed`](https://github.com/apache/cordova-plugin-whitelist/commit/7725fed))
+- chore(github): Add or update GitHub pull request and issue template ([`86b3ee1`](https://github.com/apache/cordova-plugin-whitelist/commit/86b3ee1))
+- fix: Remove information about cordova-android ([#27](https://github.com/apache/cordova-plugin-whitelist/issues/27)) ([`34ed9d0`](https://github.com/apache/cordova-plugin-whitelist/commit/34ed9d0))
+- docs: remove JIRA link ([`fa78675`](https://github.com/apache/cordova-plugin-whitelist/commit/fa78675))
+- docs: Clarify unconfigured Intent Whitelist behaviour ([#26](https://github.com/apache/cordova-plugin-whitelist/issues/26)) ([`8d3f86b`](https://github.com/apache/cordova-plugin-whitelist/commit/8d3f86b))
+
+### 1.3.3 (Nov 06, 2017)
+* [CB-12847](https://issues.apache.org/jira/browse/CB-12847) added `bugs` entry to `package.json`.
+
### 1.3.2 (Feb 28, 2017)
* [CB-12236](https://issues.apache.org/jira/browse/CB-12236) Fixed `RELEASENOTES` for `cordova-plugin-whitelist`
diff --git a/doc/de/README.md b/doc/de/README.md
deleted file mode 100644
index e97eaa6..0000000
--- a/doc/de/README.md
+++ /dev/null
@@ -1,148 +0,0 @@
-<!--
-# license: Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
--->
-
-# cordova-plugin-whitelist
-
-Dieses Plugin implementiert eine Whitelist-Politik für die Navigation in der Anwendung Webview Cordova 4.0
-
-## Cordova unterstützte Plattformen
-
- * Android 4.0.0 oder höher
- * iOS 4.0.0 oder höher
-
-## Navigation-Whitelist
-
-Steuert, welche URLs die WebView selbst zu navigiert werden kann. Bezieht sich auf der obersten Ebene Navigationen nur.
-
-Macken: auf Android es gilt auch für Iframes für nicht-http(s) Systeme.
-
-In der Standardeinstellung Navigationen nur auf `file://` URLs, sind zulässig. Wenn andere andere URLs zulassen möchten, müssen Sie Ihre `"config.xml"` `<allow-navigation>` Markierungen hinzufügen:
-
- <!-- Allow links to example.com -->
- <allow-navigation href="http://example.com/*" />
-
- <!-- Wildcards are allowed for the protocol, as a prefix
- to the host, or as a suffix to the path -->
- <allow-navigation href="*://*.example.com/*" />
-
- <!-- A wildcard can be used to whitelist the entire network,
- over HTTP and HTTPS.
- *NOT RECOMMENDED* -->
- <allow-navigation href="*" />
-
- <!-- The above is equivalent to these three declarations -->
- <allow-navigation href="http://*/*" />
- <allow-navigation href="https://*/*" />
- <allow-navigation href="data:*" />
-
-
-## Vorsatz-Whitelist
-
-Steuert, welche URLs die app zulässig ist, um das System zu öffnen Fragen. Standardmäßig dürfen keine externe URLs.
-
-Das entspricht auf Android eine Absicht des Typs BROWSEABLE senden.
-
-Diese Whitelist gilt nicht für Plugins, nur Hyperlinks und Aufrufe von `window.open()`.
-
-Fügen Sie in `"config.xml"` `<allow-intent>` Tags hinzu, wie folgt:
-
- <!-- Allow links to web pages to open in a browser -->
- <allow-intent href="http://*/*" />
- <allow-intent href="https://*/*" />
-
- <!-- Allow links to example.com to open in a browser -->
- <allow-intent href="http://example.com/*" />
-
- <!-- Wildcards are allowed for the protocol, as a prefix
- to the host, or as a suffix to the path -->
- <allow-intent href="*://*.example.com/*" />
-
- <!-- Allow SMS links to open messaging app -->
- <allow-intent href="sms:*" />
-
- <!-- Allow tel: links to open the dialer -->
- <allow-intent href="tel:*" />
-
- <!-- Allow geo: links to open maps -->
- <allow-intent href="geo:*" />
-
- <!-- Allow all unrecognized URLs to open installed apps
- *NOT RECOMMENDED* -->
- <allow-intent href="*" />
-
-
-## Netzwerk-Anforderung-Whitelist
-
-Steuert, welche-Anforderungen Netzwerk (Bilder, XHRs, etc.) dürfen (über Cordova native Haken) erfolgen.
-
-Hinweis: Wir empfehlen Ihnen eine Content Security Policy (siehe unten), das ist sicherer. Diese Whitelist ist vor allem historisch für Webansichten für die CSP nicht unterstützen.
-
-Fügen Sie in `"config.xml"` `<access>` Tags hinzu, wie folgt:
-
- <!-- Allow images, xhrs, etc. to google.com -->
- <access origin="http://google.com" />
- <access origin="https://google.com" />
-
- <!-- Access to the subdomain maps.google.com -->
- <access origin="http://maps.google.com" />
-
- <!-- Access to all the subdomains on google.com -->
- <access origin="http://*.google.com" />
-
- <!-- Enable requests to content: URLs -->
- <access origin="content:///*" />
-
- <!-- Don't block any requests -->
- <access origin="*" />
-
-
-Ohne `<access>` -Tags dürfen nur Anforderungen an `file://` URLs. Enthält jedoch die Standardanwendung Cordova `<access origin="*">` standardmäßig.
-
-Eigenart: Android kann auch Anforderungen an https://ssl.gstatic.com/accessibility/javascript/android/ standardmäßig, da dies für TalkBack ordnungsgemäß erforderlich ist.
-
-### Content-Security-Policy
-
-Steuert, welche-Anforderungen Netzwerk (Bilder, XHRs, etc.) dürfen (über Webview direkt) erfolgen.
-
-Auf Android und iOS ist die Netzwerk Anfrage Whitelist (s.o.) nicht in der Lage, alle Arten von Anfragen (z.B. `< video >` & WebSockets nicht blockiert) filtern. Also, sollten Sie neben der Whitelist, [Content Security Policy](http://content-security-policy.com/) `< Meta >` -Tags auf allen Ihren Seiten verwenden.
-
-Auf Android Unterstützung für CSP innerhalb der System-Webview beginnt mit KitKat (aber ist in allen Versionen mit Crosswalk WebView verfügbar).
-
-Hier sind einige Beispiel-CSP-Deklarationen für Ihre `HTML` -Seiten:
-
- <!-- Good default declaration:
- * gap: is required only on iOS (when using UIWebView) and is needed for JS->native communication
- * https://ssl.gstatic.com is required only on Android and is needed for TalkBack to function properly
- * Disables use of eval() and inline scripts in order to mitigate risk of XSS vulnerabilities. To change this:
- * Enable inline JS: add 'unsafe-inline' to default-src
- * Enable eval(): add 'unsafe-eval' to default-src
- -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com; style-src 'self' 'unsafe-inline'; media-src *">
-
- <!-- Allow requests to foo.com -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self' foo.com">
-
- <!-- Enable all requests, inline styles, and eval() -->
- <meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
-
- <!-- Allow XHRs via https only -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self' https:">
-
- <!-- Allow iframe to https://cordova.apache.org/ -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self'; frame-src 'self' https://cordova.apache.org">
\ No newline at end of file
diff --git a/doc/es/README.md b/doc/es/README.md
deleted file mode 100644
index b3e4684..0000000
--- a/doc/es/README.md
+++ /dev/null
@@ -1,148 +0,0 @@
-<!--
-# license: Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
--->
-
-# cordova-plugin-whitelist
-
-Este plugin implementa una política de lista blanca para navegar la aplicación webview en Cordova 4.0
-
-## Plataformas soportadas Cordova
-
- * Android 4.0 o superior
- * iOS 4.0.0 o superior
-
-## Lista blanca de navegación
-
-Controla que las URLs del WebView se puede navegar a. Se aplica a nivel superior navegaciones solo.
-
-Peculiaridades: en Android también se aplica a iframes para esquemas que son de http (s).
-
-Por defecto, navegaciones solo a direcciones URL `file://` , son permitidas. Para permitir que otros otras URL, debe agregar `< allow-navegación >` etiquetas en el `archivo config.xml`:
-
- <!-- Allow links to example.com -->
- <allow-navigation href="http://example.com/*" />
-
- <!-- Wildcards are allowed for the protocol, as a prefix
- to the host, or as a suffix to the path -->
- <allow-navigation href="*://*.example.com/*" />
-
- <!-- A wildcard can be used to whitelist the entire network,
- over HTTP and HTTPS.
- *NOT RECOMMENDED* -->
- <allow-navigation href="*" />
-
- <!-- The above is equivalent to these three declarations -->
- <allow-navigation href="http://*/*" />
- <allow-navigation href="https://*/*" />
- <allow-navigation href="data:*" />
-
-
-## Intención de lista blanca
-
-Controla qué URLs de la aplicación se permite hacer el sistema para abrir. De forma predeterminada, se permiten ninguÌ n external URLs.
-
-En Android, esto equivale a enviar una intención de tipo BROWSEABLE.
-
-Esta lista blanca no se aplica a plugins, sólo los hipervínculos y las llamadas a `window.Open)`.
-
-En `config.xml`, agregar etiquetas `< allow-intent >` , como este:
-
- <!-- Allow links to web pages to open in a browser -->
- <allow-intent href="http://*/*" />
- <allow-intent href="https://*/*" />
-
- <!-- Allow links to example.com to open in a browser -->
- <allow-intent href="http://example.com/*" />
-
- <!-- Wildcards are allowed for the protocol, as a prefix
- to the host, or as a suffix to the path -->
- <allow-intent href="*://*.example.com/*" />
-
- <!-- Allow SMS links to open messaging app -->
- <allow-intent href="sms:*" />
-
- <!-- Allow tel: links to open the dialer -->
- <allow-intent href="tel:*" />
-
- <!-- Allow geo: links to open maps -->
- <allow-intent href="geo:*" />
-
- <!-- Allow all unrecognized URLs to open installed apps
- *NOT RECOMMENDED* -->
- <allow-intent href="*" />
-
-
-## Solicitud de red blanca
-
-Controles que las peticiones de la red (imágenes, XHRs, etc.) se les permite hacer (a través de ganchos nativa de Córdoba).
-
-Nota: Le sugerimos que utilice una política de seguridad de contenido (véase abajo), que es más seguro. Esta lista blanca es sobre todo histórico para webviews que no admiten la CSP.
-
-En `config.xml`, agregue etiquetas de `< access >` , como este:
-
- <!-- Allow images, xhrs, etc. to google.com -->
- <access origin="http://google.com" />
- <access origin="https://google.com" />
-
- <!-- Access to the subdomain maps.google.com -->
- <access origin="http://maps.google.com" />
-
- <!-- Access to all the subdomains on google.com -->
- <access origin="http://*.google.com" />
-
- <!-- Enable requests to content: URLs -->
- <access origin="content:///*" />
-
- <!-- Don't block any requests -->
- <access origin="*" />
-
-
-Sin las etiquetas `< access >` , se admiten sólo las solicitudes a direcciones URL `file://` . Sin embargo, la aplicación por defecto de Cordova incluye `< access origin = "*" >` por defecto.
-
-Quirk: Android también permite las solicitudes de https://ssl.gstatic.com/accessibility/javascript/android/ por defecto, puesto que es necesario para TalkBack funcionar correctamente.
-
-### Política de seguridad de contenido
-
-Controles que las peticiones de la red (imágenes, XHRs, etc.) se les permite hacer (vía webview directamente).
-
-En iOS y Android, la red solicitud lista blanca (véase arriba) no es capaz de filtrar todos los tipos de solicitudes (por ejemplo, `< video >` y WebSockets no estén bloqueadas). Así, además de la lista blanca, usted debe utilizar una etiqueta `< meta >` de [Contenido la política de seguridad](http://content-security-policy.com/) en todas las páginas.
-
-En Android, soporte para CSP en el sistema webview comienza con KitKat (pero está disponible en todas las versiones con WebView de paso de peatones).
-
-Aquí están algunas declaraciones de CSP de ejemplo para las páginas `.html` :
-
- <!-- Good default declaration:
- * gap: is required only on iOS (when using UIWebView) and is needed for JS->native communication
- * https://ssl.gstatic.com is required only on Android and is needed for TalkBack to function properly
- * Disables use of eval() and inline scripts in order to mitigate risk of XSS vulnerabilities. To change this:
- * Enable inline JS: add 'unsafe-inline' to default-src
- * Enable eval(): add 'unsafe-eval' to default-src
- -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com; style-src 'self' 'unsafe-inline'; media-src *">
-
- <!-- Allow requests to foo.com -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self' foo.com">
-
- <!-- Enable all requests, inline styles, and eval() -->
- <meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
-
- <!-- Allow XHRs via https only -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self' https:">
-
- <!-- Allow iframe to https://cordova.apache.org/ -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self'; frame-src 'self' https://cordova.apache.org">
\ No newline at end of file
diff --git a/doc/fr/README.md b/doc/fr/README.md
deleted file mode 100644
index 2a8c4b7..0000000
--- a/doc/fr/README.md
+++ /dev/null
@@ -1,148 +0,0 @@
-<!--
-# license: Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
--->
-
-# cordova-plugin-whitelist
-
-Ce plugin met en œuvre une politique de liste blanche pour naviguer le webview application sur Cordova 4.0
-
-## Plates-formes prises en charge Cordova
-
- * 4.0.0 Android ou supérieur
- * iOS 4.0.0 ou supérieur
-
-## Navigation liste blanche
-
-Contrôle quels URL le WebView lui-même peut être parcourus à. S'applique à des navigations niveau supérieur seulement.
-
-Particularités : sur Android il s'applique également aux iframes pour non-schémas http (s).
-
-Par défaut, navigations qu'aux URL `file://` , sont autorisés. Pour permettre aux autres d'autres URL, vous devez ajouter des balises `<allow-navigation>` à votre `fichier config.xml`:
-
- <!-- Allow links to example.com -->
- <allow-navigation href="http://example.com/*" />
-
- <!-- Wildcards are allowed for the protocol, as a prefix
- to the host, or as a suffix to the path -->
- <allow-navigation href="*://*.example.com/*" />
-
- <!-- A wildcard can be used to whitelist the entire network,
- over HTTP and HTTPS.
- *NOT RECOMMENDED* -->
- <allow-navigation href="*" />
-
- <!-- The above is equivalent to these three declarations -->
- <allow-navigation href="http://*/*" />
- <allow-navigation href="https://*/*" />
- <allow-navigation href="data:*" />
-
-
-## Intent Whitelist
-
-Contrôle quels URL l'app n'est autorisé à poser le système d'ouverture. Par défaut, aucun external URL est autorisés.
-
-Sur Android, cela équivaut à envoyer une intention de type BROWSEABLE.
-
-Cette autorisation ne s'applique pas aux plugins, uniquement les liens hypertexte et les appels à `window.open()`.
-
-Dans le `fichier config.xml`, ajouter des balises `<allow-intent>` , comme ceci :
-
- <!-- Allow links to web pages to open in a browser -->
- <allow-intent href="http://*/*" />
- <allow-intent href="https://*/*" />
-
- <!-- Allow links to example.com to open in a browser -->
- <allow-intent href="http://example.com/*" />
-
- <!-- Wildcards are allowed for the protocol, as a prefix
- to the host, or as a suffix to the path -->
- <allow-intent href="*://*.example.com/*" />
-
- <!-- Allow SMS links to open messaging app -->
- <allow-intent href="sms:*" />
-
- <!-- Allow tel: links to open the dialer -->
- <allow-intent href="tel:*" />
-
- <!-- Allow geo: links to open maps -->
- <allow-intent href="geo:*" />
-
- <!-- Allow all unrecognized URLs to open installed apps
- *NOT RECOMMENDED* -->
- <allow-intent href="*" />
-
-
-## Réseau demande liste blanche
-
-Les contrôles dont les demandes de réseau (images, XHRs, etc.) sont autorisés à effectuer (via cordova natif crochets).
-
-Remarque : Nous vous suggérons de qu'utiliser un contenu politique de sécurité (voir ci-dessous), qui est plus sûr. Cette liste blanche est surtout historique pour webviews qui ne prennent pas en charge les CSP.
-
-Dans le `fichier config.xml`, ajouter des balises `<access>` , comme ceci :
-
- <!-- Allow images, xhrs, etc. to google.com -->
- <access origin="http://google.com" />
- <access origin="https://google.com" />
-
- <!-- Access to the subdomain maps.google.com -->
- <access origin="http://maps.google.com" />
-
- <!-- Access to all the subdomains on google.com -->
- <access origin="http://*.google.com" />
-
- <!-- Enable requests to content: URLs -->
- <access origin="content:///*" />
-
- <!-- Don't block any requests -->
- <access origin="*" />
-
-
-Sans les balises `<access>` , seules les demandes d'URL `file://` sont autorisés. Toutefois, l'application de Cordoue par défaut inclut `<access origin="*" >` par défaut.
-
-Bizarrerie : Android permet également aux requêtes à https://ssl.gstatic.com/accessibility/javascript/android/ par défaut, puisque c'est nécessaire pour TalkBack fonctionner correctement.
-
-### Politique de sécurité du contenu
-
-Les contrôles dont les demandes de réseau (images, XHRs, etc.) sont autorisés à effectuer (via webview directement).
-
-Sur Android et iOS, la réseau demande liste blanche (voir ci-dessus) n'est pas en mesure de filtrer tous les types de demandes (p. ex. `< video >` & WebSockets ne sont pas bloquées). Ainsi, en plus de la liste blanche, vous devez utiliser une balise `< meta >` de [Contenu politique de sécurité](http://content-security-policy.com/) sur toutes vos pages.
-
-Sur Android, support pour le CSP dans le système webview commence par KitKat (mais n'est disponible sur toutes les versions à l'aide du tableau de concordance WebView).
-
-Voici quelques exemples de déclarations de CSP pour vos pages `.html` :
-
- <!-- Good default declaration:
- * gap: is required only on iOS (when using UIWebView) and is needed for JS->native communication
- * https://ssl.gstatic.com is required only on Android and is needed for TalkBack to function properly
- * Disables use of eval() and inline scripts in order to mitigate risk of XSS vulnerabilities. To change this:
- * Enable inline JS: add 'unsafe-inline' to default-src
- * Enable eval(): add 'unsafe-eval' to default-src
- -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com; style-src 'self' 'unsafe-inline'; media-src *">
-
- <!-- Allow requests to foo.com -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self' foo.com">
-
- <!-- Enable all requests, inline styles, and eval() -->
- <meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
-
- <!-- Allow XHRs via https only -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self' https:">
-
- <!-- Allow iframe to https://cordova.apache.org/ -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self'; frame-src 'self' https://cordova.apache.org">
\ No newline at end of file
diff --git a/doc/it/README.md b/doc/it/README.md
deleted file mode 100644
index 157dc03..0000000
--- a/doc/it/README.md
+++ /dev/null
@@ -1,148 +0,0 @@
-<!--
-# license: Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
--->
-
-# cordova-plugin-whitelist
-
-Questo plugin attua una politica di whitelist per spostarsi all'interno dell'applicazione webview in Cordova 4.0
-
-## Piattaforme supportate Cordova
-
- * Android 4.0.0 o superiore
- * iOS 4.0.0 o superiore
-
-## Navigazione Whitelist
-
-Controlla quali URL WebView stessa può essere esplorato. Si applica al solo primo livello navigazioni.
-
-Stranezze: su Android vale anche per gli iframe per non-schemi di http (s).
-
-Per impostazione predefinita, navigazioni solo agli URL `file://` , sono ammessi. Per consentire altri altri URL, è necessario aggiungere `<allow-navigation>` tag per il tuo `config. XML`:
-
- <!-- Allow links to example.com -->
- <allow-navigation href="http://example.com/*" />
-
- <!-- Wildcards are allowed for the protocol, as a prefix
- to the host, or as a suffix to the path -->
- <allow-navigation href="*://*.example.com/*" />
-
- <!-- A wildcard can be used to whitelist the entire network,
- over HTTP and HTTPS.
- *NOT RECOMMENDED* -->
- <allow-navigation href="*" />
-
- <!-- The above is equivalent to these three declarations -->
- <allow-navigation href="http://*/*" />
- <allow-navigation href="https://*/*" />
- <allow-navigation href="data:*" />
-
-
-## Whitelist intento
-
-Controlla quali URL app è consentito richiedere il sistema di apertura. Per impostazione predefinita, nessun esterno URL sono ammessi.
-
-Su Android, ciò equivale all'invio di un intento di tipo BROWSEABLE.
-
-Questa whitelist non si applica ai plugin, solo i collegamenti ipertestuali e chiamate a `Window`.
-
-In `config. XML`, aggiungere tag `<allow-intent>` , simile al seguente:
-
- <!-- Allow links to web pages to open in a browser -->
- <allow-intent href="http://*/*" />
- <allow-intent href="https://*/*" />
-
- <!-- Allow links to example.com to open in a browser -->
- <allow-intent href="http://example.com/*" />
-
- <!-- Wildcards are allowed for the protocol, as a prefix
- to the host, or as a suffix to the path -->
- <allow-intent href="*://*.example.com/*" />
-
- <!-- Allow SMS links to open messaging app -->
- <allow-intent href="sms:*" />
-
- <!-- Allow tel: links to open the dialer -->
- <allow-intent href="tel:*" />
-
- <!-- Allow geo: links to open maps -->
- <allow-intent href="geo:*" />
-
- <!-- Allow all unrecognized URLs to open installed apps
- *NOT RECOMMENDED* -->
- <allow-intent href="*" />
-
-
-## Rete richiesta Whitelist
-
-Controlli che le richieste di rete (immagini, XHRs, ecc.) sono consentiti (tramite ganci nativo di cordova).
-
-Nota: Si consiglia di che utilizzare un criterio di protezione contenuti (Vedi sotto), che è più sicuro. La whitelist è principalmente storico per visualizzazioni Web che non supportano la CSP.
-
-In `config. XML`, aggiungere tag `< access >` , simile al seguente:
-
- <!-- Allow images, xhrs, etc. to google.com -->
- <access origin="http://google.com" />
- <access origin="https://google.com" />
-
- <!-- Access to the subdomain maps.google.com -->
- <access origin="http://maps.google.com" />
-
- <!-- Access to all the subdomains on google.com -->
- <access origin="http://*.google.com" />
-
- <!-- Enable requests to content: URLs -->
- <access origin="content:///*" />
-
- <!-- Don't block any requests -->
- <access origin="*" />
-
-
-Senza qualsiasi tag `< access >` , sono consentite solo le richieste di URL `file://` . Tuttavia, l'applicazione di Cordova predefinito include `< access origin = "*" >` per impostazione predefinita.
-
-Stranezza: Android consente anche alle richieste di https://ssl.gstatic.com/accessibility/javascript/android/ per impostazione predefinita, poiché questa operazione è necessaria per TalkBack funzionare correttamente.
-
-### Politica di sicurezza del contenuto
-
-Controlli che le richieste di rete (immagini, XHRs, ecc.) possono essere effettuate (via webview direttamente).
-
-Su Android e iOS, la rete richiesta whitelist (Vedi sopra) non è in grado di filtrare tutti i tipi di richieste (ad esempio non sono bloccate `< video >` & WebSockets). Così, oltre alla whitelist, è necessario utilizzare un tag `< meta >` [Content Security Policy](http://content-security-policy.com/) su tutte le pagine.
-
-Su Android, supporto per CSP all'interno webview sistema inizia con KitKat (ma è disponibile su tutte le versioni usando Crosswalk WebView).
-
-Ecco alcuni esempi di dichiarazioni di CSP per le pagine `HTML` :
-
- <!-- Good default declaration:
- * gap: is required only on iOS (when using UIWebView) and is needed for JS->native communication
- * https://ssl.gstatic.com is required only on Android and is needed for TalkBack to function properly
- * Disables use of eval() and inline scripts in order to mitigate risk of XSS vulnerabilities. To change this:
- * Enable inline JS: add 'unsafe-inline' to default-src
- * Enable eval(): add 'unsafe-eval' to default-src
- -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com; style-src 'self' 'unsafe-inline'; media-src *">
-
- <!-- Allow requests to foo.com -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self' foo.com">
-
- <!-- Enable all requests, inline styles, and eval() -->
- <meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
-
- <!-- Allow XHRs via https only -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self' https:">
-
- <!-- Allow iframe to https://cordova.apache.org/ -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self'; frame-src 'self' https://cordova.apache.org">
\ No newline at end of file
diff --git a/doc/ja/README.md b/doc/ja/README.md
deleted file mode 100644
index 6db17f1..0000000
--- a/doc/ja/README.md
+++ /dev/null
@@ -1,148 +0,0 @@
-<!--
-# license: Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
--->
-
-# cordova-plugin-whitelist
-
-このプラグイン実装コルドバ 4.0 アプリケーション webview をナビゲートするためのホワイト リスト ポリシー
-
-## サポートされているコルドバのプラットフォーム
-
- * アンドロイド 4.0.0 以上
- * iOS 4.0.0 以上
-
-## ナビゲーションのホワイト リスト
-
-WebView 自体に移動に Url を制御します。最上位ナビゲーションのみに適用されます。
-
-癖: Android にもに適用されますの iframe 非-[http スキーム。
-
-既定では、ナビゲーション、 `file://`の Url にのみ許可されます。その他の他の Url を許可するように、 `config.xml`に`<allow-navigation>`タグを追加する必要があります。
-
- <!-- Allow links to example.com -->
- <allow-navigation href="http://example.com/*" />
-
- <!-- Wildcards are allowed for the protocol, as a prefix
- to the host, or as a suffix to the path -->
- <allow-navigation href="*://*.example.com/*" />
-
- <!-- A wildcard can be used to whitelist the entire network,
- over HTTP and HTTPS.
- *NOT RECOMMENDED* -->
- <allow-navigation href="*" />
-
- <!-- The above is equivalent to these three declarations -->
- <allow-navigation href="http://*/*" />
- <allow-navigation href="https://*/*" />
- <allow-navigation href="data:*" />
-
-
-## インテントのホワイト リスト
-
-どの Url を開くようにシステムを聞いて、アプリに許可を制御します。 既定では、外部 Url 許可されません。
-
-人造人間、これは型 BROWSEABLE の意図を送信することに相当します。
-
-このホワイト リストはプラグインのみハイパーリンクおよび`window.open()`への呼び出しには適用されません。.
-
-`Config.xml`内の`<allow-intent>`タグは、このようなを追加します。
-
- <!-- Allow links to web pages to open in a browser -->
- <allow-intent href="http://*/*" />
- <allow-intent href="https://*/*" />
-
- <!-- Allow links to example.com to open in a browser -->
- <allow-intent href="http://example.com/*" />
-
- <!-- Wildcards are allowed for the protocol, as a prefix
- to the host, or as a suffix to the path -->
- <allow-intent href="*://*.example.com/*" />
-
- <!-- Allow SMS links to open messaging app -->
- <allow-intent href="sms:*" />
-
- <!-- Allow tel: links to open the dialer -->
- <allow-intent href="tel:*" />
-
- <!-- Allow geo: links to open maps -->
- <allow-intent href="geo:*" />
-
- <!-- Allow all unrecognized URLs to open installed apps
- *NOT RECOMMENDED* -->
- <allow-intent href="*" />
-
-
-## ネットワーク要求のホワイト リスト
-
-ネットワーク要求コントロール (画像、XHRs 等) (コルドバ ネイティブ フック) を介して行われることが。
-
-注: より安全なコンテンツ セキュリティ ポリシー (下記参照) を使用してお勧めします。 このホワイト リストほとんどの CSP をサポートしていない web 表示のために歴史的です。
-
-`Config.xml`内のこのような`<access>`タグを追加します。
-
- <!-- Allow images, xhrs, etc. to google.com -->
- <access origin="http://google.com" />
- <access origin="https://google.com" />
-
- <!-- Access to the subdomain maps.google.com -->
- <access origin="http://maps.google.com" />
-
- <!-- Access to all the subdomains on google.com -->
- <access origin="http://*.google.com" />
-
- <!-- Enable requests to content: URLs -->
- <access origin="content:///*" />
-
- <!-- Don't block any requests -->
- <access origin="*" />
-
-
-`<access>`タグ、なし`file://` Url に要求のみを許可します。 ただし、既定のコルドバ アプリケーションが含まれています`<access origin="*">`デフォルトで。
-
-気まぐれ: アンドロイドも要求できます https://ssl.gstatic.com/accessibility/javascript/android/デフォルトでは、トークが正常に機能するために必要ですので。
-
-### コンテンツのセキュリティ ポリシー
-
-ネットワーク要求コントロール (画像、XHRs 等) (直接 webview) を介して行われることが。
-
-Android と iOS は、ネットワーク要求ホワイト リスト (上記参照) はすべての種類の要求 (例: `< ビデオ >` & Websocket がふさがれていない) をフィルター処理できません。 だから、ホワイト リストに加えてすべてのページに[コンテンツ セキュリティ ポリシー](http://content-security-policy.com/) `< meta >`タグを使用する必要があります。
-
-Android 上システム webview 内 CSP サポート キットカットから始まります (しかし横断歩道 WebView を使用してすべてのバージョンで利用可能です)。
-
-`.Html`ページのいくつかの例 CSP の宣言は次のとおりです。
-
- <!-- Good default declaration:
- * gap: is required only on iOS (when using UIWebView) and is needed for JS->native communication
- * https://ssl.gstatic.com is required only on Android and is needed for TalkBack to function properly
- * Disables use of eval() and inline scripts in order to mitigate risk of XSS vulnerabilities. To change this:
- * Enable inline JS: add 'unsafe-inline' to default-src
- * Enable eval(): add 'unsafe-eval' to default-src
- -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com; style-src 'self' 'unsafe-inline'; media-src *">
-
- <!-- Allow requests to foo.com -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self' foo.com">
-
- <!-- Enable all requests, inline styles, and eval() -->
- <meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
-
- <!-- Allow XHRs via https only -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self' https:">
-
- <!-- Allow iframe to https://cordova.apache.org/ -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self'; frame-src 'self' https://cordova.apache.org">
\ No newline at end of file
diff --git a/doc/ko/README.md b/doc/ko/README.md
deleted file mode 100644
index 4cbae91..0000000
--- a/doc/ko/README.md
+++ /dev/null
@@ -1,148 +0,0 @@
-<!--
-# license: Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
--->
-
-# cordova-plugin-whitelist
-
-이 플러그인 구현 코르도바 4.0 응용 프로그램 webview를 탐색에 대 한 허용 정책
-
-## 지원된 코르도바 플랫폼
-
- * 안 드 로이드 4.0.0 이상
- * iOS 4.0.0 이상
-
-## 탐색 허용
-
-WebView 자체가 탐색할 수 있는 Url을 제어 합니다. 최상위 탐색에만 적용 됩니다.
-
-단점: 안 드 로이드에도 적용 됩니다 iframe에 대 한 비-프로토콜인 계획.
-
-기본적으로 탐색 `file://` Url에만 사용할 수 있습니다. 다른 다른 Url을 허용 하려면 `config.xml`에 `< allow-navigation >` 태그를 추가 해야 합니다.
-
- <!-- Allow links to example.com -->
- <allow-navigation href="http://example.com/*" />
-
- <!-- Wildcards are allowed for the protocol, as a prefix
- to the host, or as a suffix to the path -->
- <allow-navigation href="*://*.example.com/*" />
-
- <!-- A wildcard can be used to whitelist the entire network,
- over HTTP and HTTPS.
- *NOT RECOMMENDED* -->
- <allow-navigation href="*" />
-
- <!-- The above is equivalent to these three declarations -->
- <allow-navigation href="http://*/*" />
- <allow-navigation href="https://*/*" />
- <allow-navigation href="data:*" />
-
-
-## 의도 허용
-
-App 시스템 열을 게 허용 되는 Url을 제어 합니다. 기본적으로 외부 Url은 사용할 수 있습니다.
-
-안 드 로이드에이 형식의 BROWSEABLE 의도 보내는 것 같습니다.
-
-이 허용 된 플러그인, 하이퍼링크 및 `window.open ()` 호출에 적용 되지 않습니다..
-
-`Config.xml`에이 같은 `< allow-intent >` 태그를 추가 합니다.
-
- <!-- Allow links to web pages to open in a browser -->
- <allow-intent href="http://*/*" />
- <allow-intent href="https://*/*" />
-
- <!-- Allow links to example.com to open in a browser -->
- <allow-intent href="http://example.com/*" />
-
- <!-- Wildcards are allowed for the protocol, as a prefix
- to the host, or as a suffix to the path -->
- <allow-intent href="*://*.example.com/*" />
-
- <!-- Allow SMS links to open messaging app -->
- <allow-intent href="sms:*" />
-
- <!-- Allow tel: links to open the dialer -->
- <allow-intent href="tel:*" />
-
- <!-- Allow geo: links to open maps -->
- <allow-intent href="geo:*" />
-
- <!-- Allow all unrecognized URLs to open installed apps
- *NOT RECOMMENDED* -->
- <allow-intent href="*" />
-
-
-## 네트워크 요청 허용
-
-요청을 네트워크 컨트롤 (이미지, XHRs, 등) (코르도바 네이티브 후크)를 통해 할 수 있습니다.
-
-참고: 당신이 사용 콘텐츠 보안 정책 (아래 참조), 더 안전한 것이 좋습니다. 이 허용은 CSP를 지원 하지 않는 webviews에 대 한 역사적.
-
-`Config.xml`에이 같은 `< access >` 태그를 추가 합니다.
-
- <!-- Allow images, xhrs, etc. to google.com -->
- <access origin="http://google.com" />
- <access origin="https://google.com" />
-
- <!-- Access to the subdomain maps.google.com -->
- <access origin="http://maps.google.com" />
-
- <!-- Access to all the subdomains on google.com -->
- <access origin="http://*.google.com" />
-
- <!-- Enable requests to content: URLs -->
- <access origin="content:///*" />
-
- <!-- Don't block any requests -->
- <access origin="*" />
-
-
-어떤 `< access >` 태그 없이 요청 `file://` Url 사용할 수 있습니다. 그러나 기본 코르도바 응용 프로그램을 포함 하는, `< access origin="*" >` 기본적으로.
-
-특질: 안 드 로이드 또한 수 있습니다 요청을 https://ssl.gstatic.com/accessibility/javascript/android/ 기본적으로 필요 제대로 작동 하려면 의견 이므로.
-
-### 콘텐츠 보안 정책
-
-요청을 네트워크 컨트롤 (이미지, XHRs, 등) (webview 직접)를 통해 할 수 있습니다.
-
-안 드 로이드와 iOS에 네트워크 요청 허용 (위 참조)는 모든 종류의 요청 (예: `< 비디오 >` & WebSockets 차단 되지 않습니다)를 필터링 할 수 없습니다. 그래서, 허용, 뿐만 아니라 귀하의 모든 페이지에 [콘텐츠 보안 정책](http://content-security-policy.com/) `< meta >` 태그를 사용 해야 합니다.
-
-안 드 로이드, 시스템 webview 내에서 CSP에 대 한 지원을 KitKat 시작 (하지만 횡단 보도 WebView를 사용 하 여 모든 버전에서 사용할 수).
-
-다음은 `.html` 페이지에 대 한 몇 가지 예제 CSP 선언입니다.
-
- <!-- Good default declaration:
- * gap: is required only on iOS (when using UIWebView) and is needed for JS->native communication
- * https://ssl.gstatic.com is required only on Android and is needed for TalkBack to function properly
- * Disables use of eval() and inline scripts in order to mitigate risk of XSS vulnerabilities. To change this:
- * Enable inline JS: add 'unsafe-inline' to default-src
- * Enable eval(): add 'unsafe-eval' to default-src
- -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com; style-src 'self' 'unsafe-inline'; media-src *">
-
- <!-- Allow requests to foo.com -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self' foo.com">
-
- <!-- Enable all requests, inline styles, and eval() -->
- <meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
-
- <!-- Allow XHRs via https only -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self' https:">
-
- <!-- Allow iframe to https://cordova.apache.org/ -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self'; frame-src 'self' https://cordova.apache.org">
\ No newline at end of file
diff --git a/doc/pl/README.md b/doc/pl/README.md
deleted file mode 100644
index ecdc3d5..0000000
--- a/doc/pl/README.md
+++ /dev/null
@@ -1,148 +0,0 @@
-<!--
-# license: Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
--->
-
-# cordova-plugin-whitelist
-
-Ten plugin wdraża polityki białej nawigacja widoku sieci Web aplikacji na Cordova 4.0
-
-## Cordova obsługiwanych platform
-
- * Android 4.0.0 lub powyżej
- * iOS 4.0.0 lub powyżej
-
-## Biała lista nawigacji
-
-Kontroluje, których adresy URL widoku sieci Web, samej można nawigować do. Dotyczy tylko najwyższego poziomu nawigacje.
-
-Dziwactwa: na Android to dotyczy także IFRAME do nie-http (s) systemów.
-
-Domyślnie, nawigacje tylko do URLi `file://` , są dozwolone. Aby zezwolić na inne adresy URL, należy dodać Tagi `< allow-navigation >` do pliku `config.xml`:
-
- <!-- Allow links to example.com -->
- <allow-navigation href="http://example.com/*" />
-
- <!-- Wildcards are allowed for the protocol, as a prefix
- to the host, or as a suffix to the path -->
- <allow-navigation href="*://*.example.com/*" />
-
- <!-- A wildcard can be used to whitelist the entire network,
- over HTTP and HTTPS.
- *NOT RECOMMENDED* -->
- <allow-navigation href="*" />
-
- <!-- The above is equivalent to these three declarations -->
- <allow-navigation href="http://*/*" />
- <allow-navigation href="https://*/*" />
- <allow-navigation href="data:*" />
-
-
-## Zamiarem biała
-
-Kontroluje, których adresy URL aplikacji jest możliwość zapytać systemem otwierania. Domyślnie nie ma zewnętrznych adresów URL są dozwolone.
-
-Na Android to przyrównuje do wysyłania zamiarem typu BROWSEABLE.
-
-Ta biała nie ma zastosowania do pluginów, tylko hiperłącza i wywołania `window.open()`.
-
-W `pliku config.xml`dodawanie tagów `< allow-intent >` , jak to:
-
- <!-- Allow links to web pages to open in a browser -->
- <allow-intent href="http://*/*" />
- <allow-intent href="https://*/*" />
-
- <!-- Allow links to example.com to open in a browser -->
- <allow-intent href="http://example.com/*" />
-
- <!-- Wildcards are allowed for the protocol, as a prefix
- to the host, or as a suffix to the path -->
- <allow-intent href="*://*.example.com/*" />
-
- <!-- Allow SMS links to open messaging app -->
- <allow-intent href="sms:*" />
-
- <!-- Allow tel: links to open the dialer -->
- <allow-intent href="tel:*" />
-
- <!-- Allow geo: links to open maps -->
- <allow-intent href="geo:*" />
-
- <!-- Allow all unrecognized URLs to open installed apps
- *NOT RECOMMENDED* -->
- <allow-intent href="*" />
-
-
-## Sieci wniosek biała
-
-Formanty, które sieci żądań (obrazy, XHRs, itp.) mogą być wykonane (za pośrednictwem cordova rodzimych haki).
-
-Uwaga: Zalecamy, że używasz treści polityki bezpieczeństwa (patrz poniżej), który jest bardziej bezpieczne. Ta Biała jest głównie historyczne dla webviews, które nie obsługują CSP.
-
-W `pliku config.xml`dodawanie tagów `< access >` , jak to:
-
- <!-- Allow images, xhrs, etc. to google.com -->
- <access origin="http://google.com" />
- <access origin="https://google.com" />
-
- <!-- Access to the subdomain maps.google.com -->
- <access origin="http://maps.google.com" />
-
- <!-- Access to all the subdomains on google.com -->
- <access origin="http://*.google.com" />
-
- <!-- Enable requests to content: URLs -->
- <access origin="content:///*" />
-
- <!-- Don't block any requests -->
- <access origin="*" />
-
-
-Bez żadnych tagów `< access >` dozwolone są tylko żądania do URLi `file://` . Jednak domyślnie Cordova aplikacja zawiera `< access origin = "*" >` domyślnie.
-
-Cokół: Android pozwala również żądania do https://ssl.gstatic.com/accessibility/javascript/android/ domyślnie, ponieważ jest to wymagane dla TalkBack wobec funkcja poprawnie.
-
-### Zasady zabezpieczeń zawartości
-
-Formanty, które sieci żądań (obrazy, XHRs, itp.) mogą być wykonane (za pomocą widoku sieci Web bezpośrednio).
-
-Na Androida i iOS biała żądanie sieci (patrz wyżej) nie jest w stanie filtrować wszystkie rodzaje wniosków (np. `< video >` & WebSockets nie są zablokowane). Tak oprócz białej listy, należy użyć tagu `< meta >` [Treści polityki bezpieczeństwa](http://content-security-policy.com/) na wszystkich stronach.
-
-Na Android wsparcie dla CSP w ramach systemu widoku sieci Web zaczyna KitKat (ale jest dostępne we wszystkich wersjach przy użyciu widoku sieci Web przejście dla pieszych).
-
-Oto niektóre przykład CSP deklaracje dla strony `HTML` :
-
- <!-- Good default declaration:
- * gap: is required only on iOS (when using UIWebView) and is needed for JS->native communication
- * https://ssl.gstatic.com is required only on Android and is needed for TalkBack to function properly
- * Disables use of eval() and inline scripts in order to mitigate risk of XSS vulnerabilities. To change this:
- * Enable inline JS: add 'unsafe-inline' to default-src
- * Enable eval(): add 'unsafe-eval' to default-src
- -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com; style-src 'self' 'unsafe-inline'; media-src *">
-
- <!-- Allow requests to foo.com -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self' foo.com">
-
- <!-- Enable all requests, inline styles, and eval() -->
- <meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
-
- <!-- Allow XHRs via https only -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self' https:">
-
- <!-- Allow iframe to https://cordova.apache.org/ -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self'; frame-src 'self' https://cordova.apache.org">
\ No newline at end of file
diff --git a/doc/zh/README.md b/doc/zh/README.md
deleted file mode 100644
index c2c7e11..0000000
--- a/doc/zh/README.md
+++ /dev/null
@@ -1,148 +0,0 @@
-<!--
-# license: Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
--->
-
-# cordova-plugin-whitelist
-
-這個外掛程式實現一個用於導航在科爾多瓦 4.0 應用程式 web 視圖的白名單策略
-
-## 支援的科爾多瓦平臺
-
- * Android 4.0.0 或以上
- * iOS 4.0.0 或以上
-
-## 導航白名單
-
-控制 web 視圖本身可以導航到的 Url。適用于頂級導航只。
-
-怪癖: 在 Android 上它也適用于 iframe 的非-結計畫。
-
-預設情況下,只有到`file://` Url 導航允許。若要允許其他其他 Url,必須將`<allow-navigation>`標籤添加到您的`config.xml`:
-
- <!-- Allow links to example.com -->
- <allow-navigation href="http://example.com/*" />
-
- <!-- Wildcards are allowed for the protocol, as a prefix
- to the host, or as a suffix to the path -->
- <allow-navigation href="*://*.example.com/*" />
-
- <!-- A wildcard can be used to whitelist the entire network,
- over HTTP and HTTPS.
- *NOT RECOMMENDED* -->
- <allow-navigation href="*" />
-
- <!-- The above is equivalent to these three declarations -->
- <allow-navigation href="http://*/*" />
- <allow-navigation href="https://*/*" />
- <allow-navigation href="data:*" />
-
-
-## 科爾多瓦-外掛程式-白名單
-
-控制應用程式允許讓系統打開的 Url。 預設情況下,沒有外部 Url 允許。
-
-在 android 系統,這相當於發送類型 BROWSEABLE 的意圖。
-
-此白名單並不適用于只超連結和對`window.open ()`調用的外掛程式.
-
-在`config.xml`中添加`<allow-intent>`標籤,像這樣:
-
- <!-- Allow links to web pages to open in a browser -->
- <allow-intent href="http://*/*" />
- <allow-intent href="https://*/*" />
-
- <!-- Allow links to example.com to open in a browser -->
- <allow-intent href="http://example.com/*" />
-
- <!-- Wildcards are allowed for the protocol, as a prefix
- to the host, or as a suffix to the path -->
- <allow-intent href="*://*.example.com/*" />
-
- <!-- Allow SMS links to open messaging app -->
- <allow-intent href="sms:*" />
-
- <!-- Allow tel: links to open the dialer -->
- <allow-intent href="tel:*" />
-
- <!-- Allow geo: links to open maps -->
- <allow-intent href="geo:*" />
-
- <!-- Allow all unrecognized URLs to open installed apps
- *NOT RECOMMENDED* -->
- <allow-intent href="*" />
-
-
-## 網路請求白名單
-
-網路請求的控制項 (圖像,XHRs 等) 允許 (通過科爾多瓦本機掛鉤)。
-
-注意: 我們建議你使用內容的安全性原則 (見下文),這是更安全。 此白名單大多是為 webviews 不支援 CSP 的歷史。
-
-在`config.xml`中添加`<access>`標記,像這樣:
-
- <!-- Allow images, xhrs, etc. to google.com -->
- <access origin="http://google.com" />
- <access origin="https://google.com" />
-
- <!-- Access to the subdomain maps.google.com -->
- <access origin="http://maps.google.com" />
-
- <!-- Access to all the subdomains on google.com -->
- <access origin="http://*.google.com" />
-
- <!-- Enable requests to content: URLs -->
- <access origin="content:///*" />
-
- <!-- Don't block any requests -->
- <access origin="*" />
-
-
-沒有任何`<access>`標籤,只到`file://` Url 允許請求。 但是,預設的科爾多瓦應用程式包括`<access origin="*">` ,預設情況。
-
-怪癖: Android 還允許對 HTTPs://ssl.gstatic.com/accessibility/javascript/android/ 請求預設情況下,因為這是對講正常所需。
-
-### 內容安全政策
-
-網路請求的控制項 (圖像,XHRs 等) 允許 (通過 web 視圖直接)。
-
-對 Android 和 iOS,網路請求白名單 (見上文) 是不能夠過濾所有類型的請求 (例如`<video>` & Websocket 未被阻止)。 那麼,除了白名單中,你應使用[內容安全性原則](http://content-security-policy.com/) `< 元 >`標記您的所有頁面。
-
-在 android 系統,對 CSP 系統 web 視圖的支援開始奇巧 (但是是上使用 web 視圖人行橫道上的所有版本可用)。
-
-下面是一些示例 CSP 聲明為`.html`頁面:
-
- <!-- Good default declaration:
- * gap: is required only on iOS (when using UIWebView) and is needed for JS->native communication
- * https://ssl.gstatic.com is required only on Android and is needed for TalkBack to function properly
- * Disables use of eval() and inline scripts in order to mitigate risk of XSS vulnerabilities. To change this:
- * Enable inline JS: add 'unsafe-inline' to default-src
- * Enable eval(): add 'unsafe-eval' to default-src
- -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com; style-src 'self' 'unsafe-inline'; media-src *">
-
- <!-- Allow requests to foo.com -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self' foo.com">
-
- <!-- Enable all requests, inline styles, and eval() -->
- <meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
-
- <!-- Allow XHRs via https only -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self' https:">
-
- <!-- Allow iframe to https://cordova.apache.org/ -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self'; frame-src 'self' https://cordova.apache.org">
\ No newline at end of file
diff --git a/package.json b/package.json
index d6e0126..eb499a1 100644
--- a/package.json
+++ b/package.json
@@ -1,32 +1,33 @@
{
"name": "cordova-plugin-whitelist",
- "version": "1.3.2",
+ "version": "1.3.5",
"description": "Cordova Whitelist Plugin",
"cordova": {
"platforms": [
"android"
]
},
- "repository": {
- "type": "git",
- "url": "https://github.com/apache/cordova-plugin-whitelist"
- },
+ "repository": "github:apache/cordova-plugin-whitelist",
+ "bugs": "https://github.com/apache/cordova-plugin-whitelist/issues",
"keywords": [
"cordova",
"whitelist",
"ecosystem:cordova",
"cordova-android"
],
+ "scripts": {
+ "test": "echo \"no tests implemented for this plugin\""
+ },
+ "author": "Apache Software Foundation",
+ "license": "Apache-2.0",
"engines": {
"cordovaDependencies": {
"0.0.0": {
"cordova-android": ">=4.0.0"
},
- "2.0.0": {
- "cordova": ">100"
+ "1.3.5": {
+ "cordova-android": ">=4.0.0 <10.0.0"
}
}
- },
- "author": "Apache Software Foundation",
- "license": "Apache-2.0"
+ }
}
diff --git a/plugin.xml b/plugin.xml
index c8f4b3d..74d8201 100644
--- a/plugin.xml
+++ b/plugin.xml
@@ -20,14 +20,14 @@
<plugin xmlns="http://apache.org/cordova/ns/plugins/1.0"
id="cordova-plugin-whitelist"
- version="1.3.2">
+ version="1.3.5">
<name>Whitelist</name>
<description>Cordova Network Whitelist Plugin</description>
<license>Apache 2.0</license>
<keywords>cordova,whitelist,policy</keywords>
<engines>
- <engine name="cordova-android" version=">=4.0.0" />
+ <engine name="cordova-android" version=">=4.0.0 <10.0.0" />
</engines>
<platform name="android">
@@ -39,10 +39,6 @@
</config-file>
<source-file src="src/android/WhitelistPlugin.java" target-dir="src/org/apache/cordova/whitelist" />
-
- <info>
- This plugin is only applicable for versions of cordova-android greater than 4.0. If you have a previous platform version, you do *not* need this plugin since the whitelist will be built in.
- </info>
</platform>
</plugin>
diff --git a/tests/README.md b/tests/README.md
new file mode 100644
index 0000000..cbd65d6
--- /dev/null
+++ b/tests/README.md
@@ -0,0 +1,53 @@
+---
+ license: Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+---
+
+# cordova-plugin-whitelist-tests
+
+This are an [optional JavaScript interface](#whitelist) to the core Cordova Whitelist functionality and the test plugin that uses it to test cordova-plugin-whitelist.
+
+## Whitelist
+
+> The `whitelist` object provides an interface for testing whether arbitrary
+> URLs are allowed by the currently active configuration, or would be allowed
+> by a given set of whitelist patterns.
+
+### Methods
+
+- cordova.whitelist.match
+- cordova.whitelist.test
+
+#### cordova.whitelist.match
+
+Indicates whether a given URL would be allowed by a set of Whitelist URL
+patterns.
+
+ cordova.whitelist.match(url, patterns, callback);
+
+`callback` will be invoked with a boolean argument indicating whether the
+url matches the set of patterns.
+
+#### cordova.whitelist.test
+
+Indicates whether a given URL would be allowed by the current application
+configuration.
+
+ cordova.whitelist.test(url, callback);
+
+`callback` will be invoked with a boolean argument indicating whether the
+url is currently whitelisted.
diff --git a/tests/package.json b/tests/package.json
new file mode 100644
index 0000000..c4416a6
--- /dev/null
+++ b/tests/package.json
@@ -0,0 +1,15 @@
+{
+ "name": "cordova-plugin-whitelist-tests",
+ "version": "1.3.5",
+ "description": "",
+ "cordova": {
+ "id": "cordova-plugin-whitelist-tests",
+ "platforms": []
+ },
+ "keywords": [
+ "ecosystem:cordova"
+ ],
+ "author": "",
+ "license": "Apache 2.0"
+}
+
diff --git a/tests/plugin.xml b/tests/plugin.xml
new file mode 100644
index 0000000..813eaea
--- /dev/null
+++ b/tests/plugin.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+
+<plugin xmlns="http://cordova.apache.org/ns/plugins/1.0"
+ id="cordova-plugin-whitelist-tests"
+ version="1.3.5">
+ <name>Cordova Plugin Whitelist Tests</name>
+ <license>Apache 2.0</license>
+
+ <js-module src="tests.js" name="tests">
+ </js-module>
+
+ <js-module src="www/whitelist.js" name="whitelist">
+ <clobbers target="cordova.whitelist" />
+ </js-module>
+
+ <!-- android -->
+ <platform name="android">
+ <config-file target="res/xml/config.xml" parent="/*">
+ <feature name="WhitelistAPI" >
+ <param name="android-package" value="org.apache.cordova.test.WhitelistAPI"/>
+ </feature>
+ </config-file>
+
+ <source-file src="src/android/WhitelistAPI.java" target-dir="src/org/apache/cordova/test" />
+
+ <!-- remove <access origin="*" /> -->
+ <hook type="after_prepare" src="scripts/remove-access.js"/>
+
+ <!-- add whitelist configuration the tests test for -->
+ <config-file target="config.xml" parent="/*">
+ <allow-navigation href="http://*.apache.org" />
+ <allow-navigation href="https://*.apache.org" />
+ </config-file>
+
+ </platform>
+
+</plugin>
diff --git a/tests/scripts/remove-access.js b/tests/scripts/remove-access.js
new file mode 100644
index 0000000..4d0d4ed
--- /dev/null
+++ b/tests/scripts/remove-access.js
@@ -0,0 +1,19 @@
+var fs = require('fs');
+var path = require('path');
+var rootdir = "";
+var file = path.join(rootdir, "platforms/android/app/src/main/res/xml/config.xml");
+
+fs.readFile( file, "utf8", function( err, data )
+{
+ if (err)
+ return console.log( err );
+
+ var result = data;
+ result = result.replace( "<access origin=\"*\" />", "" );
+
+ fs.writeFile( file, result, "utf8", function( err )
+ {
+ if (err)
+ return console.log( err );
+ } );
+} );
\ No newline at end of file
diff --git a/tests/src/android/WhitelistAPI.java b/tests/src/android/WhitelistAPI.java
new file mode 100644
index 0000000..934ffb9
--- /dev/null
+++ b/tests/src/android/WhitelistAPI.java
@@ -0,0 +1,90 @@
+/*
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+*/
+package org.apache.cordova.test;
+
+import org.apache.cordova.Whitelist;
+import org.apache.cordova.Config;
+
+import org.apache.cordova.CallbackContext;
+import org.apache.cordova.CordovaPlugin;
+import org.apache.cordova.PluginResult;
+import org.json.JSONArray;
+import org.json.JSONException;
+
+import org.apache.cordova.PluginManager;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+
+public class WhitelistAPI extends CordovaPlugin {
+ /**
+ * Executes the request and returns PluginResult.
+ *
+ * @param action The action to execute.
+ * @param args JSONArry of arguments for the plugin.
+ * @param callbackContext The callback id used when calling back into JavaScript.
+ * @return True if the action was valid, false if not.
+ */
+ public boolean execute(String action, JSONArray args, CallbackContext callbackContext) throws JSONException {
+ if (action.equals("URLMatchesPatterns")) {
+ String url = args.getString(0);
+ JSONArray patterns = args.getJSONArray(1);
+ Whitelist whitelist = new Whitelist();
+ for (int i=0; i < patterns.length(); i++) {
+ String pattern = patterns.getString(i);
+ whitelist.addWhiteListEntry(pattern, false);
+ }
+ boolean isAllowed = whitelist.isUrlWhiteListed(url);
+ callbackContext.sendPluginResult(new PluginResult(PluginResult.Status.OK, isAllowed));
+ return true;
+ } else if (action.equals("URLIsAllowed")) {
+ String url = args.getString(0);
+ /* This code exists for compatibility between 3.x and 4.x versions of Cordova.
+ * Previously the CordovaWebView class had a method, getWhitelist, which would
+ * return a Whitelist object. Since the fixed whitelist is removed in Cordova 4.x,
+ * the correct call now is to shouldAllowRequest from the plugin manager.
+ */
+ Boolean isAllowed = null;
+ try {
+ Method isUrlWhiteListed = Config.class.getDeclaredMethod("isUrlWhitelisted", String.class);
+ isAllowed = (Boolean)isUrlWhiteListed.invoke(url);
+ } catch (NoSuchMethodException e) {
+ } catch (IllegalAccessException e) {
+ } catch (InvocationTargetException e) {
+ }
+ if (isAllowed == null) {
+ try {
+ Method gpm = webView.getClass().getMethod("getPluginManager");
+ PluginManager pm = (PluginManager)gpm.invoke(webView);
+ Method isAllowedMethod = pm.getClass().getMethod("shouldAllowRequest", String.class);
+ isAllowed = (Boolean)isAllowedMethod.invoke(pm, url);
+ if (isAllowed == null) {
+ isAllowed = false;
+ }
+ } catch (NoSuchMethodException e) {
+ } catch (IllegalAccessException e) {
+ } catch (InvocationTargetException e) {
+ }
+ }
+
+ callbackContext.sendPluginResult(new PluginResult(PluginResult.Status.OK, isAllowed));
+ return true;
+ }
+ return false;
+ }
+}
diff --git a/tests/tests.js b/tests/tests.js
new file mode 100644
index 0000000..b8d0b51
--- /dev/null
+++ b/tests/tests.js
@@ -0,0 +1,214 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+exports.defineAutoTests = function () {
+
+ var isAndroid = (cordova.platformId === "android");
+
+ describe('Whitelist API (cordova.whitelist)', function () {
+
+ it("should exist", function () {
+ expect(cordova.whitelist).toBeDefined();
+ });
+
+ describe("Match function (cordova.whitelist.match) that checks URLs against patterns", function () {
+ function expectMatchWithResult(result) {
+ return (function (url, patterns, description) {
+ description = description || ((result ? "should accept " : "should reject ") + url + " for " + JSON.stringify(patterns));
+ this.result = result;
+
+ describe("Match function", function () {
+ if (!isAndroid) {
+ pending("Whitelist Plugin only exists for Android");
+ }
+
+ // Timeout is 7.5 seconds to allow physical devices enough
+ // time to query the response. This is important for some
+ // Android devices.
+ var originalTimeout,
+ cb;
+
+ beforeEach(function (done) {
+ originalTimeout = jasmine.DEFAULT_TIMEOUT_INTERVAL;
+ jasmine.DEFAULT_TIMEOUT_INTERVAL = 7500;
+
+ cb = jasmine.createSpy('spy').and.callFake(function () {
+ done();
+ });
+ cordova.whitelist.match(url, patterns, cb);
+ });
+
+ afterEach(function () {
+ jasmine.DEFAULT_TIMEOUT_INTERVAL = originalTimeout;
+ });
+
+ it(description, function () {
+ expect(cb).toHaveBeenCalledWith(result);
+ });
+ });
+ });
+ }
+
+ var itShouldMatch = expectMatchWithResult(true);
+ var itShouldNotMatch = expectMatchWithResult(false);
+
+ it("should exist", function () {
+ expect(cordova.whitelist.match).toBeDefined();
+ expect(typeof cordova.whitelist.match).toBe("function");
+ });
+
+ itShouldMatch('http://www.apache.org/', ['*'], "should accept any domain for *");
+ itShouldNotMatch('http://www.apache.org/', [], "should not accept any domain for []");
+
+ itShouldMatch('http://apache.org/', ['http://*.apache.org']);
+ itShouldMatch('http://www.apache.org/', ['http://*.apache.org']);
+ itShouldMatch('http://www.apache.org/some/path', ['http://*.apache.org']);
+ itShouldMatch('http://some.domain.under.apache.org/', ['http://*.apache.org']);
+ itShouldMatch('http://user:pass@apache.org/', ['http://*.apache.org']);
+ itShouldMatch('http://user:pass@www.apache.org/', ['http://*.apache.org']);
+ itShouldMatch('http://www.apache.org/?some=params', ['http://*.apache.org']);
+ itShouldNotMatch('http://apache.com/', ['http://*.apache.org']);
+ itShouldNotMatch('http://www.evil.com/?url=www.apache.org', ['http://*.apache.org']);
+ itShouldNotMatch('http://www.evil.com/?url=http://www.apache.org', ['http://*.apache.org']);
+ itShouldNotMatch('http://www.evil.com/?url=http%3A%2F%2Fwww%2Eapache%2Eorg', ['http://*.apache.org']);
+ itShouldNotMatch('https://apache.org/', ['http://*.apache.org']);
+ itShouldNotMatch('http://www.apache.org:pass@evil.com/', ['http://*.apache.org']);
+ itShouldNotMatch('http://www.apache.org.evil.com/', ['http://*.apache.org']);
+
+ itShouldMatch('http://www.apache.org/', ['http://*.apache.org', 'https://*.apache.org']);
+ itShouldMatch('https://www.apache.org/', ['http://*.apache.org', 'https://*.apache.org']);
+ itShouldNotMatch('ftp://www.apache.org/', ['http://*.apache.org', 'https://*.apache.org']);
+ itShouldNotMatch('http://www.apache.com/', ['http://*.apache.org', 'https://*.apache.org']);
+
+ itShouldMatch('http://www.apache.org/', ['http://www.apache.org']);
+ itShouldNotMatch('http://build.apache.org/', ['http://www.apache.org']);
+ itShouldNotMatch('http://apache.org/', ['http://www.apache.org']);
+
+ itShouldMatch('http://www.apache.org/', ['http://*/*']);
+ itShouldMatch('http://www.apache.org/foo/bar.html', ['http://*/*']);
+
+ itShouldMatch('http://www.apache.org/foo', ['http://*/foo*']);
+ itShouldMatch('http://www.apache.org/foo/bar.html', ['http://*/foo*']);
+ itShouldNotMatch('http://www.apache.org/', ['http://*/foo*']);
+
+ itShouldMatch('file:///foo', ['file:///*']);
+
+ itShouldMatch('file:///foo', ['file:///foo*']);
+ itShouldMatch('file:///foo/bar.html', ['file:///foo*']);
+ itShouldNotMatch('file:///foo.html', []);
+ itShouldNotMatch('http://www.apache.org/etc/foo', ['http://www.apache.org/foo*']);
+ itShouldNotMatch('http://www.apache.org/foo', ['file:///foo*']);
+
+ itShouldMatch('http://www.apache.org/', ['*://www.apache.org/*']);
+ itShouldMatch('https://www.apache.org/', ['*://www.apache.org/*']);
+ itShouldMatch('ftp://www.apache.org/', ['*://www.apache.org/*']);
+ itShouldMatch('file://www.apache.org/', ['*://www.apache.org/*']);
+ if (cordova.platformId == 'android')
+ itShouldMatch('content://www.apache.org/', ['*://www.apache.org/*']);
+ itShouldMatch('foo://www.apache.org/', ['*://www.apache.org/*']);
+ itShouldNotMatch('http://www.apache.com/', ['*://www.apache.org/*']);
+
+ itShouldMatch('http://www.apache.org/', ['*.apache.org']);
+ itShouldMatch('https://www.apache.org/', ['*.apache.org']);
+ itShouldNotMatch('ftp://www.apache.org/', ['*.apache.org']);
+
+ itShouldMatch('http://www.apache.org:81/', ['http://www.apache.org:81/*']);
+ itShouldMatch('http://user:pass@www.apache.org:81/foo/bar.html', ['http://www.apache.org:81/*']);
+ itShouldNotMatch('http://www.apache.org:80/', ['http://www.apache.org:81/*']);
+ itShouldNotMatch('http://www.apache.org/', ['http://www.apache.org:81/*']);
+ itShouldNotMatch('http://www.apache.org:foo/', ['http://www.apache.org:81/*']);
+ itShouldNotMatch('http://www.apache.org:81@www.apache.org/', ['http://www.apache.org:81/*']);
+ itShouldNotMatch('http://www.apache.org:81@www.evil.com/', ['http://www.apache.org:81/*']);
+
+ itShouldMatch('http://www.APAche.org/', ['*.apache.org']);
+ itShouldMatch('http://WWw.apache.org/', ['*.apache.org']);
+ itShouldMatch('http://www.apache.org/', ['*.APACHE.ORG']);
+ itShouldMatch('HTTP://www.apache.org/', ['*.apache.org']);
+ itShouldMatch('HTTP://www.apache.org/', ['http://*.apache.org']);
+ itShouldMatch('http://www.apache.org/', ['HTTP://*.apache.org']);
+
+ itShouldMatch('http://www.apache.org/foo/', ['*://*.apache.org/foo/*']);
+ itShouldMatch('http://www.apache.org/foo/bar', ['*://*.apache.org/foo/*']);
+ itShouldNotMatch('http://www.apache.org/bar/foo/', ['*://*.apache.org/foo/*']);
+ itShouldNotMatch('http://www.apache.org/Foo/', ['*://*.apache.org/foo/*']);
+ itShouldNotMatch('http://www.apache.org/Foo/bar', ['*://*.apache.org/foo/*']);
+ });
+
+ describe("Test function (cordova.whitelist.test) that checks against config.xml", function () {
+ function expectTestWithResult(result) {
+ return (function (url, description) {
+ description = description || ((result ? "should accept " : "should reject ") + url);
+
+ describe("Test function", function () {
+ if (!isAndroid) {
+ pending("Whitelist Plugin only exists for Android");
+ }
+
+ var cb,
+ originalTimeout;
+
+ beforeEach(function (done) {
+ originalTimeout = jasmine.DEFAULT_TIMEOUT_INTERVAL;
+ jasmine.DEFAULT_TIMEOUT_INTERVAL = 7500;
+ cb = jasmine.createSpy('spy').and.callFake(function (){
+ done();
+ });
+ cordova.whitelist.test(url, cb);
+ });
+
+ afterEach(function () {
+ jasmine.DEFAULT_TIMEOUT_INTERVAL = originalTimeout;
+ });
+
+ it(description, function () {
+ expect(cb).toHaveBeenCalledWith(result);
+ });
+ });
+ });
+ }
+
+ var itShouldAccept = expectTestWithResult(true);
+ var itShouldReject = expectTestWithResult(false);
+
+ it("should exist", function () {
+ expect(cordova.whitelist.test).toBeDefined();
+ expect(typeof cordova.whitelist.test).toBe("function");
+ });
+
+ itShouldAccept('http://apache.org');
+ itShouldAccept('http://apache.org/');
+ itShouldAccept('http://www.apache.org/');
+ itShouldAccept('http://www.apache.org/some/path');
+ itShouldAccept('http://some.domain.under.apache.org/');
+ itShouldAccept('http://user:pass@apache.org/');
+ itShouldAccept('http://user:pass@www.apache.org/');
+ itShouldAccept('https://www.apache.org/');
+
+ itShouldReject('ftp://www.apache.org/');
+ itShouldReject('http://www.apache.com/');
+ itShouldReject('http://www.apache.org:pass@evil.com/');
+ itShouldReject('http://www.apache.org.evil.com/');
+
+ itShouldAccept('file:///foo');
+ if (cordova.platformId == 'android')
+ itShouldReject('content:///foo');
+ });
+ });
+}
\ No newline at end of file
diff --git a/tests/www/whitelist.js b/tests/www/whitelist.js
new file mode 100644
index 0000000..b342c0f
--- /dev/null
+++ b/tests/www/whitelist.js
@@ -0,0 +1,34 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+*/
+
+var argscheck = require('cordova/argscheck'),
+ exec = require('cordova/exec');
+
+module.exports = {
+ match: function(url, patterns, callback) {
+ //argscheck.checkArgs('fF', 'Whitelist.match', arguments);
+ exec(callback, callback, "WhitelistAPI", "URLMatchesPatterns", [url, patterns]);
+ },
+ test: function(url, callback) {
+ //argscheck.checkArgs('fF', 'Whitelist.test', arguments);
+ exec(callback, callback, "WhitelistAPI", "URLIsAllowed", [url]);
+ }
+}
