test,ci(travis): Tests (extracted from cordova-mobile-spec) (#38)
* remove outdated docs translations
* migreate tests from https://github.com/apache/cordova-mobile-spec/tree/master/cordova-plugin-mobilespec-tests
* CI configuration for Travis with SAUCE_KEY
* add npm test taht does nothing
* fix SAUCE_ACCESS_KEY in .travis.yml
* remove <access origin="*" /> from original config.xml via hook script
* run tests only on Android
* improve test description
add "should exist" check for cordova.whitelist.match
* improve README
clean package.json
* better test group naming
* better test formatting
* better code ordering
* only add configuration necessary for tests
* Update .travis.yml
* Update .travis.yml
diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 0000000..91848c9
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,118 @@
+# This Travis configuration file is built after a Cordova Paramedic
+# specific template with minimal modifications and adaptations:
+# https://github.com/apache/cordova-paramedic/blob/master/.travis.yml
+
+sudo: false
+
+addons:
+ jwt:
+ # SAUCE_ACCESS_KEY
+ secure: "lXoPl/RjXnA5FocMLhpA4nFtzH/VaX6oMDG4H/uNAKBusTpQiVmmnXkZhv6ERsuuHHMUfZn/29m2On1J4hv8x+u5XpBjkTe0/5umYARTuyWXfnMmILNVNKZr7qmaiFBXI1LrnEoNqgbKR1ZqoN6bMrPZEWRr7AFVgwkRsWRoeTc="
+
+env:
+ global:
+ - SAUCE_USERNAME=snay
+ - TRAVIS_NODE_VERSION=6
+ - ANDROID_API_LEVEL=28
+ - ANDROID_BUILD_TOOLS_VERSION=28.0.3
+
+language: node_js
+node_js: 6
+
+# yaml anchor/alias: https://medium.com/@tommyvn/travis-yml-dry-with-anchors-8b6a3ac1b027
+
+_ios: &_ios
+ os: osx
+ osx_image: xcode10.2
+
+_android: &_android
+ language: android
+ os: linux
+ jdk: oraclejdk8
+ android:
+ components:
+ - tools
+ - build-tools-$ANDROID_BUILD_TOOLS_VERSION
+ - android-$ANDROID_API_LEVEL
+ licenses:
+ - 'android-sdk-preview-license-.+'
+ - 'android-sdk-license-.+'
+ - 'google-gdk-license-.+'
+
+matrix:
+ include:
+ # local tests, without saucelabs
+ - env: PLATFORM=local/browser
+ <<: *_ios
+ - env: PLATFORM=local/ios-10.0
+ <<: *_ios
+
+ # many tests with saucelabs
+ - env: PLATFORM=browser-chrome
+ - env: PLATFORM=browser-firefox
+ - env: PLATFORM=browser-safari
+ - env: PLATFORM=browser-edge
+
+ - env: PLATFORM=ios-11.3
+ <<: *_ios
+ - env: PLATFORM=ios-12.0
+ <<: *_ios
+ - env: PLATFORM=ios-12.2
+ <<: *_ios
+
+ - env: PLATFORM=android-6.0
+ <<: *_android
+ - env: PLATFORM=android-7.0
+ <<: *_android
+ - env: PLATFORM=android-7.1
+ <<: *_android
+ - env: PLATFORM=android-8.0
+ <<: *_android
+ - env: PLATFORM=android-8.1
+ <<: *_android
+ - env: PLATFORM=android-9.0
+ <<: *_android
+
+before_install:
+ # manually install Node for `language: android`
+ - if [[ "$PLATFORM" =~ android ]]; then nvm install $TRAVIS_NODE_VERSION; fi
+ - node --version
+ - if [[ "$PLATFORM" =~ android ]]; then gradle --version; fi
+ - if [[ "$PLATFORM" =~ ios ]]; then npm install -g ios-deploy; fi
+ - npm install -g cordova
+ # install paramedic if not running on paramedic repo
+ - if ! [[ "$TRAVIS_REPO_SLUG" =~ cordova-paramedic ]]; then npm install -g github:apache/cordova-paramedic; fi
+
+install:
+ - npm install
+
+before_script:
+ - |
+ if [[ "$TRAVIS_REPO_SLUG" =~ cordova-paramedic ]]; then
+ # when used in the cordova-paramedic repo
+ TEST_COMMAND="npm run eslint"
+ PARAMEDIC_PLUGIN_TO_TEST="./spec/testable-plugin/"
+ PARAMEDIC_COMMAND="node main.js"
+ else
+ # when used in any other (plugin) repo
+ TEST_COMMAND="npm test"
+ PARAMEDIC_PLUGIN_TO_TEST=$(pwd)
+ PARAMEDIC_COMMAND="cordova-paramedic"
+ fi
+ - PARAMEDIC_BUILDNAME=travis-$TRAVIS_REPO_SLUG-$TRAVIS_JOB_NUMBER
+ - |
+ echo "Variables now are set to:"
+ echo "TEST_COMMAND=$TEST_COMMAND"
+ echo "ADDITIONAL_TESTS=$ADDITIONAL_TESTS"
+ echo "PARAMEDIC_COMMAND=$PARAMEDIC_COMMAND"
+ echo "PLATFORM=$PLATFORM"
+ echo "PARAMEDIC_PLUGIN_TO_TEST=$PARAMEDIC_PLUGIN_TO_TEST"
+ echo "PARAMEDIC_BUILDNAME=$PARAMEDIC_BUILDNAME"
+
+script:
+ - $TEST_COMMAND
+ - if [[ "$ADDITIONAL_TESTS_DIR" != "" ]]; then
+ cd $ADDITIONAL_TESTS_DIR && npm install && npm test;
+ else
+ $PARAMEDIC_COMMAND --config ./pr/$PLATFORM --plugin $PARAMEDIC_PLUGIN_TO_TEST --buildName $PARAMEDIC_BUILDNAME;
+ fi
diff --git a/doc/de/README.md b/doc/de/README.md
deleted file mode 100644
index e97eaa6..0000000
--- a/doc/de/README.md
+++ /dev/null
@@ -1,148 +0,0 @@
-<!--
-# license: Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
--->
-
-# cordova-plugin-whitelist
-
-Dieses Plugin implementiert eine Whitelist-Politik für die Navigation in der Anwendung Webview Cordova 4.0
-
-## Cordova unterstützte Plattformen
-
- * Android 4.0.0 oder höher
- * iOS 4.0.0 oder höher
-
-## Navigation-Whitelist
-
-Steuert, welche URLs die WebView selbst zu navigiert werden kann. Bezieht sich auf der obersten Ebene Navigationen nur.
-
-Macken: auf Android es gilt auch für Iframes für nicht-http(s) Systeme.
-
-In der Standardeinstellung Navigationen nur auf `file://` URLs, sind zulässig. Wenn andere andere URLs zulassen möchten, müssen Sie Ihre `"config.xml"` `<allow-navigation>` Markierungen hinzufügen:
-
- <!-- Allow links to example.com -->
- <allow-navigation href="http://example.com/*" />
-
- <!-- Wildcards are allowed for the protocol, as a prefix
- to the host, or as a suffix to the path -->
- <allow-navigation href="*://*.example.com/*" />
-
- <!-- A wildcard can be used to whitelist the entire network,
- over HTTP and HTTPS.
- *NOT RECOMMENDED* -->
- <allow-navigation href="*" />
-
- <!-- The above is equivalent to these three declarations -->
- <allow-navigation href="http://*/*" />
- <allow-navigation href="https://*/*" />
- <allow-navigation href="data:*" />
-
-
-## Vorsatz-Whitelist
-
-Steuert, welche URLs die app zulässig ist, um das System zu öffnen Fragen. Standardmäßig dürfen keine externe URLs.
-
-Das entspricht auf Android eine Absicht des Typs BROWSEABLE senden.
-
-Diese Whitelist gilt nicht für Plugins, nur Hyperlinks und Aufrufe von `window.open()`.
-
-Fügen Sie in `"config.xml"` `<allow-intent>` Tags hinzu, wie folgt:
-
- <!-- Allow links to web pages to open in a browser -->
- <allow-intent href="http://*/*" />
- <allow-intent href="https://*/*" />
-
- <!-- Allow links to example.com to open in a browser -->
- <allow-intent href="http://example.com/*" />
-
- <!-- Wildcards are allowed for the protocol, as a prefix
- to the host, or as a suffix to the path -->
- <allow-intent href="*://*.example.com/*" />
-
- <!-- Allow SMS links to open messaging app -->
- <allow-intent href="sms:*" />
-
- <!-- Allow tel: links to open the dialer -->
- <allow-intent href="tel:*" />
-
- <!-- Allow geo: links to open maps -->
- <allow-intent href="geo:*" />
-
- <!-- Allow all unrecognized URLs to open installed apps
- *NOT RECOMMENDED* -->
- <allow-intent href="*" />
-
-
-## Netzwerk-Anforderung-Whitelist
-
-Steuert, welche-Anforderungen Netzwerk (Bilder, XHRs, etc.) dürfen (über Cordova native Haken) erfolgen.
-
-Hinweis: Wir empfehlen Ihnen eine Content Security Policy (siehe unten), das ist sicherer. Diese Whitelist ist vor allem historisch für Webansichten für die CSP nicht unterstützen.
-
-Fügen Sie in `"config.xml"` `<access>` Tags hinzu, wie folgt:
-
- <!-- Allow images, xhrs, etc. to google.com -->
- <access origin="http://google.com" />
- <access origin="https://google.com" />
-
- <!-- Access to the subdomain maps.google.com -->
- <access origin="http://maps.google.com" />
-
- <!-- Access to all the subdomains on google.com -->
- <access origin="http://*.google.com" />
-
- <!-- Enable requests to content: URLs -->
- <access origin="content:///*" />
-
- <!-- Don't block any requests -->
- <access origin="*" />
-
-
-Ohne `<access>` -Tags dürfen nur Anforderungen an `file://` URLs. Enthält jedoch die Standardanwendung Cordova `<access origin="*">` standardmäßig.
-
-Eigenart: Android kann auch Anforderungen an https://ssl.gstatic.com/accessibility/javascript/android/ standardmäßig, da dies für TalkBack ordnungsgemäß erforderlich ist.
-
-### Content-Security-Policy
-
-Steuert, welche-Anforderungen Netzwerk (Bilder, XHRs, etc.) dürfen (über Webview direkt) erfolgen.
-
-Auf Android und iOS ist die Netzwerk Anfrage Whitelist (s.o.) nicht in der Lage, alle Arten von Anfragen (z.B. `< video >` & WebSockets nicht blockiert) filtern. Also, sollten Sie neben der Whitelist, [Content Security Policy](http://content-security-policy.com/) `< Meta >` -Tags auf allen Ihren Seiten verwenden.
-
-Auf Android Unterstützung für CSP innerhalb der System-Webview beginnt mit KitKat (aber ist in allen Versionen mit Crosswalk WebView verfügbar).
-
-Hier sind einige Beispiel-CSP-Deklarationen für Ihre `HTML` -Seiten:
-
- <!-- Good default declaration:
- * gap: is required only on iOS (when using UIWebView) and is needed for JS->native communication
- * https://ssl.gstatic.com is required only on Android and is needed for TalkBack to function properly
- * Disables use of eval() and inline scripts in order to mitigate risk of XSS vulnerabilities. To change this:
- * Enable inline JS: add 'unsafe-inline' to default-src
- * Enable eval(): add 'unsafe-eval' to default-src
- -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com; style-src 'self' 'unsafe-inline'; media-src *">
-
- <!-- Allow requests to foo.com -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self' foo.com">
-
- <!-- Enable all requests, inline styles, and eval() -->
- <meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
-
- <!-- Allow XHRs via https only -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self' https:">
-
- <!-- Allow iframe to https://cordova.apache.org/ -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self'; frame-src 'self' https://cordova.apache.org">
\ No newline at end of file
diff --git a/doc/es/README.md b/doc/es/README.md
deleted file mode 100644
index b3e4684..0000000
--- a/doc/es/README.md
+++ /dev/null
@@ -1,148 +0,0 @@
-<!--
-# license: Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
--->
-
-# cordova-plugin-whitelist
-
-Este plugin implementa una política de lista blanca para navegar la aplicación webview en Cordova 4.0
-
-## Plataformas soportadas Cordova
-
- * Android 4.0 o superior
- * iOS 4.0.0 o superior
-
-## Lista blanca de navegación
-
-Controla que las URLs del WebView se puede navegar a. Se aplica a nivel superior navegaciones solo.
-
-Peculiaridades: en Android también se aplica a iframes para esquemas que son de http (s).
-
-Por defecto, navegaciones solo a direcciones URL `file://` , son permitidas. Para permitir que otros otras URL, debe agregar `< allow-navegación >` etiquetas en el `archivo config.xml`:
-
- <!-- Allow links to example.com -->
- <allow-navigation href="http://example.com/*" />
-
- <!-- Wildcards are allowed for the protocol, as a prefix
- to the host, or as a suffix to the path -->
- <allow-navigation href="*://*.example.com/*" />
-
- <!-- A wildcard can be used to whitelist the entire network,
- over HTTP and HTTPS.
- *NOT RECOMMENDED* -->
- <allow-navigation href="*" />
-
- <!-- The above is equivalent to these three declarations -->
- <allow-navigation href="http://*/*" />
- <allow-navigation href="https://*/*" />
- <allow-navigation href="data:*" />
-
-
-## Intención de lista blanca
-
-Controla qué URLs de la aplicación se permite hacer el sistema para abrir. De forma predeterminada, se permiten ninguÌ n external URLs.
-
-En Android, esto equivale a enviar una intención de tipo BROWSEABLE.
-
-Esta lista blanca no se aplica a plugins, sólo los hipervínculos y las llamadas a `window.Open)`.
-
-En `config.xml`, agregar etiquetas `< allow-intent >` , como este:
-
- <!-- Allow links to web pages to open in a browser -->
- <allow-intent href="http://*/*" />
- <allow-intent href="https://*/*" />
-
- <!-- Allow links to example.com to open in a browser -->
- <allow-intent href="http://example.com/*" />
-
- <!-- Wildcards are allowed for the protocol, as a prefix
- to the host, or as a suffix to the path -->
- <allow-intent href="*://*.example.com/*" />
-
- <!-- Allow SMS links to open messaging app -->
- <allow-intent href="sms:*" />
-
- <!-- Allow tel: links to open the dialer -->
- <allow-intent href="tel:*" />
-
- <!-- Allow geo: links to open maps -->
- <allow-intent href="geo:*" />
-
- <!-- Allow all unrecognized URLs to open installed apps
- *NOT RECOMMENDED* -->
- <allow-intent href="*" />
-
-
-## Solicitud de red blanca
-
-Controles que las peticiones de la red (imágenes, XHRs, etc.) se les permite hacer (a través de ganchos nativa de Córdoba).
-
-Nota: Le sugerimos que utilice una política de seguridad de contenido (véase abajo), que es más seguro. Esta lista blanca es sobre todo histórico para webviews que no admiten la CSP.
-
-En `config.xml`, agregue etiquetas de `< access >` , como este:
-
- <!-- Allow images, xhrs, etc. to google.com -->
- <access origin="http://google.com" />
- <access origin="https://google.com" />
-
- <!-- Access to the subdomain maps.google.com -->
- <access origin="http://maps.google.com" />
-
- <!-- Access to all the subdomains on google.com -->
- <access origin="http://*.google.com" />
-
- <!-- Enable requests to content: URLs -->
- <access origin="content:///*" />
-
- <!-- Don't block any requests -->
- <access origin="*" />
-
-
-Sin las etiquetas `< access >` , se admiten sólo las solicitudes a direcciones URL `file://` . Sin embargo, la aplicación por defecto de Cordova incluye `< access origin = "*" >` por defecto.
-
-Quirk: Android también permite las solicitudes de https://ssl.gstatic.com/accessibility/javascript/android/ por defecto, puesto que es necesario para TalkBack funcionar correctamente.
-
-### Política de seguridad de contenido
-
-Controles que las peticiones de la red (imágenes, XHRs, etc.) se les permite hacer (vía webview directamente).
-
-En iOS y Android, la red solicitud lista blanca (véase arriba) no es capaz de filtrar todos los tipos de solicitudes (por ejemplo, `< video >` y WebSockets no estén bloqueadas). Así, además de la lista blanca, usted debe utilizar una etiqueta `< meta >` de [Contenido la política de seguridad](http://content-security-policy.com/) en todas las páginas.
-
-En Android, soporte para CSP en el sistema webview comienza con KitKat (pero está disponible en todas las versiones con WebView de paso de peatones).
-
-Aquí están algunas declaraciones de CSP de ejemplo para las páginas `.html` :
-
- <!-- Good default declaration:
- * gap: is required only on iOS (when using UIWebView) and is needed for JS->native communication
- * https://ssl.gstatic.com is required only on Android and is needed for TalkBack to function properly
- * Disables use of eval() and inline scripts in order to mitigate risk of XSS vulnerabilities. To change this:
- * Enable inline JS: add 'unsafe-inline' to default-src
- * Enable eval(): add 'unsafe-eval' to default-src
- -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com; style-src 'self' 'unsafe-inline'; media-src *">
-
- <!-- Allow requests to foo.com -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self' foo.com">
-
- <!-- Enable all requests, inline styles, and eval() -->
- <meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
-
- <!-- Allow XHRs via https only -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self' https:">
-
- <!-- Allow iframe to https://cordova.apache.org/ -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self'; frame-src 'self' https://cordova.apache.org">
\ No newline at end of file
diff --git a/doc/fr/README.md b/doc/fr/README.md
deleted file mode 100644
index 2a8c4b7..0000000
--- a/doc/fr/README.md
+++ /dev/null
@@ -1,148 +0,0 @@
-<!--
-# license: Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
--->
-
-# cordova-plugin-whitelist
-
-Ce plugin met en œuvre une politique de liste blanche pour naviguer le webview application sur Cordova 4.0
-
-## Plates-formes prises en charge Cordova
-
- * 4.0.0 Android ou supérieur
- * iOS 4.0.0 ou supérieur
-
-## Navigation liste blanche
-
-Contrôle quels URL le WebView lui-même peut être parcourus à. S'applique à des navigations niveau supérieur seulement.
-
-Particularités : sur Android il s'applique également aux iframes pour non-schémas http (s).
-
-Par défaut, navigations qu'aux URL `file://` , sont autorisés. Pour permettre aux autres d'autres URL, vous devez ajouter des balises `<allow-navigation>` à votre `fichier config.xml`:
-
- <!-- Allow links to example.com -->
- <allow-navigation href="http://example.com/*" />
-
- <!-- Wildcards are allowed for the protocol, as a prefix
- to the host, or as a suffix to the path -->
- <allow-navigation href="*://*.example.com/*" />
-
- <!-- A wildcard can be used to whitelist the entire network,
- over HTTP and HTTPS.
- *NOT RECOMMENDED* -->
- <allow-navigation href="*" />
-
- <!-- The above is equivalent to these three declarations -->
- <allow-navigation href="http://*/*" />
- <allow-navigation href="https://*/*" />
- <allow-navigation href="data:*" />
-
-
-## Intent Whitelist
-
-Contrôle quels URL l'app n'est autorisé à poser le système d'ouverture. Par défaut, aucun external URL est autorisés.
-
-Sur Android, cela équivaut à envoyer une intention de type BROWSEABLE.
-
-Cette autorisation ne s'applique pas aux plugins, uniquement les liens hypertexte et les appels à `window.open()`.
-
-Dans le `fichier config.xml`, ajouter des balises `<allow-intent>` , comme ceci :
-
- <!-- Allow links to web pages to open in a browser -->
- <allow-intent href="http://*/*" />
- <allow-intent href="https://*/*" />
-
- <!-- Allow links to example.com to open in a browser -->
- <allow-intent href="http://example.com/*" />
-
- <!-- Wildcards are allowed for the protocol, as a prefix
- to the host, or as a suffix to the path -->
- <allow-intent href="*://*.example.com/*" />
-
- <!-- Allow SMS links to open messaging app -->
- <allow-intent href="sms:*" />
-
- <!-- Allow tel: links to open the dialer -->
- <allow-intent href="tel:*" />
-
- <!-- Allow geo: links to open maps -->
- <allow-intent href="geo:*" />
-
- <!-- Allow all unrecognized URLs to open installed apps
- *NOT RECOMMENDED* -->
- <allow-intent href="*" />
-
-
-## Réseau demande liste blanche
-
-Les contrôles dont les demandes de réseau (images, XHRs, etc.) sont autorisés à effectuer (via cordova natif crochets).
-
-Remarque : Nous vous suggérons de qu'utiliser un contenu politique de sécurité (voir ci-dessous), qui est plus sûr. Cette liste blanche est surtout historique pour webviews qui ne prennent pas en charge les CSP.
-
-Dans le `fichier config.xml`, ajouter des balises `<access>` , comme ceci :
-
- <!-- Allow images, xhrs, etc. to google.com -->
- <access origin="http://google.com" />
- <access origin="https://google.com" />
-
- <!-- Access to the subdomain maps.google.com -->
- <access origin="http://maps.google.com" />
-
- <!-- Access to all the subdomains on google.com -->
- <access origin="http://*.google.com" />
-
- <!-- Enable requests to content: URLs -->
- <access origin="content:///*" />
-
- <!-- Don't block any requests -->
- <access origin="*" />
-
-
-Sans les balises `<access>` , seules les demandes d'URL `file://` sont autorisés. Toutefois, l'application de Cordoue par défaut inclut `<access origin="*" >` par défaut.
-
-Bizarrerie : Android permet également aux requêtes à https://ssl.gstatic.com/accessibility/javascript/android/ par défaut, puisque c'est nécessaire pour TalkBack fonctionner correctement.
-
-### Politique de sécurité du contenu
-
-Les contrôles dont les demandes de réseau (images, XHRs, etc.) sont autorisés à effectuer (via webview directement).
-
-Sur Android et iOS, la réseau demande liste blanche (voir ci-dessus) n'est pas en mesure de filtrer tous les types de demandes (p. ex. `< video >` & WebSockets ne sont pas bloquées). Ainsi, en plus de la liste blanche, vous devez utiliser une balise `< meta >` de [Contenu politique de sécurité](http://content-security-policy.com/) sur toutes vos pages.
-
-Sur Android, support pour le CSP dans le système webview commence par KitKat (mais n'est disponible sur toutes les versions à l'aide du tableau de concordance WebView).
-
-Voici quelques exemples de déclarations de CSP pour vos pages `.html` :
-
- <!-- Good default declaration:
- * gap: is required only on iOS (when using UIWebView) and is needed for JS->native communication
- * https://ssl.gstatic.com is required only on Android and is needed for TalkBack to function properly
- * Disables use of eval() and inline scripts in order to mitigate risk of XSS vulnerabilities. To change this:
- * Enable inline JS: add 'unsafe-inline' to default-src
- * Enable eval(): add 'unsafe-eval' to default-src
- -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com; style-src 'self' 'unsafe-inline'; media-src *">
-
- <!-- Allow requests to foo.com -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self' foo.com">
-
- <!-- Enable all requests, inline styles, and eval() -->
- <meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
-
- <!-- Allow XHRs via https only -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self' https:">
-
- <!-- Allow iframe to https://cordova.apache.org/ -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self'; frame-src 'self' https://cordova.apache.org">
\ No newline at end of file
diff --git a/doc/it/README.md b/doc/it/README.md
deleted file mode 100644
index 157dc03..0000000
--- a/doc/it/README.md
+++ /dev/null
@@ -1,148 +0,0 @@
-<!--
-# license: Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
--->
-
-# cordova-plugin-whitelist
-
-Questo plugin attua una politica di whitelist per spostarsi all'interno dell'applicazione webview in Cordova 4.0
-
-## Piattaforme supportate Cordova
-
- * Android 4.0.0 o superiore
- * iOS 4.0.0 o superiore
-
-## Navigazione Whitelist
-
-Controlla quali URL WebView stessa può essere esplorato. Si applica al solo primo livello navigazioni.
-
-Stranezze: su Android vale anche per gli iframe per non-schemi di http (s).
-
-Per impostazione predefinita, navigazioni solo agli URL `file://` , sono ammessi. Per consentire altri altri URL, è necessario aggiungere `<allow-navigation>` tag per il tuo `config. XML`:
-
- <!-- Allow links to example.com -->
- <allow-navigation href="http://example.com/*" />
-
- <!-- Wildcards are allowed for the protocol, as a prefix
- to the host, or as a suffix to the path -->
- <allow-navigation href="*://*.example.com/*" />
-
- <!-- A wildcard can be used to whitelist the entire network,
- over HTTP and HTTPS.
- *NOT RECOMMENDED* -->
- <allow-navigation href="*" />
-
- <!-- The above is equivalent to these three declarations -->
- <allow-navigation href="http://*/*" />
- <allow-navigation href="https://*/*" />
- <allow-navigation href="data:*" />
-
-
-## Whitelist intento
-
-Controlla quali URL app è consentito richiedere il sistema di apertura. Per impostazione predefinita, nessun esterno URL sono ammessi.
-
-Su Android, ciò equivale all'invio di un intento di tipo BROWSEABLE.
-
-Questa whitelist non si applica ai plugin, solo i collegamenti ipertestuali e chiamate a `Window`.
-
-In `config. XML`, aggiungere tag `<allow-intent>` , simile al seguente:
-
- <!-- Allow links to web pages to open in a browser -->
- <allow-intent href="http://*/*" />
- <allow-intent href="https://*/*" />
-
- <!-- Allow links to example.com to open in a browser -->
- <allow-intent href="http://example.com/*" />
-
- <!-- Wildcards are allowed for the protocol, as a prefix
- to the host, or as a suffix to the path -->
- <allow-intent href="*://*.example.com/*" />
-
- <!-- Allow SMS links to open messaging app -->
- <allow-intent href="sms:*" />
-
- <!-- Allow tel: links to open the dialer -->
- <allow-intent href="tel:*" />
-
- <!-- Allow geo: links to open maps -->
- <allow-intent href="geo:*" />
-
- <!-- Allow all unrecognized URLs to open installed apps
- *NOT RECOMMENDED* -->
- <allow-intent href="*" />
-
-
-## Rete richiesta Whitelist
-
-Controlli che le richieste di rete (immagini, XHRs, ecc.) sono consentiti (tramite ganci nativo di cordova).
-
-Nota: Si consiglia di che utilizzare un criterio di protezione contenuti (Vedi sotto), che è più sicuro. La whitelist è principalmente storico per visualizzazioni Web che non supportano la CSP.
-
-In `config. XML`, aggiungere tag `< access >` , simile al seguente:
-
- <!-- Allow images, xhrs, etc. to google.com -->
- <access origin="http://google.com" />
- <access origin="https://google.com" />
-
- <!-- Access to the subdomain maps.google.com -->
- <access origin="http://maps.google.com" />
-
- <!-- Access to all the subdomains on google.com -->
- <access origin="http://*.google.com" />
-
- <!-- Enable requests to content: URLs -->
- <access origin="content:///*" />
-
- <!-- Don't block any requests -->
- <access origin="*" />
-
-
-Senza qualsiasi tag `< access >` , sono consentite solo le richieste di URL `file://` . Tuttavia, l'applicazione di Cordova predefinito include `< access origin = "*" >` per impostazione predefinita.
-
-Stranezza: Android consente anche alle richieste di https://ssl.gstatic.com/accessibility/javascript/android/ per impostazione predefinita, poiché questa operazione è necessaria per TalkBack funzionare correttamente.
-
-### Politica di sicurezza del contenuto
-
-Controlli che le richieste di rete (immagini, XHRs, ecc.) possono essere effettuate (via webview direttamente).
-
-Su Android e iOS, la rete richiesta whitelist (Vedi sopra) non è in grado di filtrare tutti i tipi di richieste (ad esempio non sono bloccate `< video >` & WebSockets). Così, oltre alla whitelist, è necessario utilizzare un tag `< meta >` [Content Security Policy](http://content-security-policy.com/) su tutte le pagine.
-
-Su Android, supporto per CSP all'interno webview sistema inizia con KitKat (ma è disponibile su tutte le versioni usando Crosswalk WebView).
-
-Ecco alcuni esempi di dichiarazioni di CSP per le pagine `HTML` :
-
- <!-- Good default declaration:
- * gap: is required only on iOS (when using UIWebView) and is needed for JS->native communication
- * https://ssl.gstatic.com is required only on Android and is needed for TalkBack to function properly
- * Disables use of eval() and inline scripts in order to mitigate risk of XSS vulnerabilities. To change this:
- * Enable inline JS: add 'unsafe-inline' to default-src
- * Enable eval(): add 'unsafe-eval' to default-src
- -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com; style-src 'self' 'unsafe-inline'; media-src *">
-
- <!-- Allow requests to foo.com -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self' foo.com">
-
- <!-- Enable all requests, inline styles, and eval() -->
- <meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
-
- <!-- Allow XHRs via https only -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self' https:">
-
- <!-- Allow iframe to https://cordova.apache.org/ -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self'; frame-src 'self' https://cordova.apache.org">
\ No newline at end of file
diff --git a/doc/ja/README.md b/doc/ja/README.md
deleted file mode 100644
index 6db17f1..0000000
--- a/doc/ja/README.md
+++ /dev/null
@@ -1,148 +0,0 @@
-<!--
-# license: Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
--->
-
-# cordova-plugin-whitelist
-
-このプラグイン実装コルドバ 4.0 アプリケーション webview をナビゲートするためのホワイト リスト ポリシー
-
-## サポートされているコルドバのプラットフォーム
-
- * アンドロイド 4.0.0 以上
- * iOS 4.0.0 以上
-
-## ナビゲーションのホワイト リスト
-
-WebView 自体に移動に Url を制御します。最上位ナビゲーションのみに適用されます。
-
-癖: Android にもに適用されますの iframe 非-[http スキーム。
-
-既定では、ナビゲーション、 `file://`の Url にのみ許可されます。その他の他の Url を許可するように、 `config.xml`に`<allow-navigation>`タグを追加する必要があります。
-
- <!-- Allow links to example.com -->
- <allow-navigation href="http://example.com/*" />
-
- <!-- Wildcards are allowed for the protocol, as a prefix
- to the host, or as a suffix to the path -->
- <allow-navigation href="*://*.example.com/*" />
-
- <!-- A wildcard can be used to whitelist the entire network,
- over HTTP and HTTPS.
- *NOT RECOMMENDED* -->
- <allow-navigation href="*" />
-
- <!-- The above is equivalent to these three declarations -->
- <allow-navigation href="http://*/*" />
- <allow-navigation href="https://*/*" />
- <allow-navigation href="data:*" />
-
-
-## インテントのホワイト リスト
-
-どの Url を開くようにシステムを聞いて、アプリに許可を制御します。 既定では、外部 Url 許可されません。
-
-人造人間、これは型 BROWSEABLE の意図を送信することに相当します。
-
-このホワイト リストはプラグインのみハイパーリンクおよび`window.open()`への呼び出しには適用されません。.
-
-`Config.xml`内の`<allow-intent>`タグは、このようなを追加します。
-
- <!-- Allow links to web pages to open in a browser -->
- <allow-intent href="http://*/*" />
- <allow-intent href="https://*/*" />
-
- <!-- Allow links to example.com to open in a browser -->
- <allow-intent href="http://example.com/*" />
-
- <!-- Wildcards are allowed for the protocol, as a prefix
- to the host, or as a suffix to the path -->
- <allow-intent href="*://*.example.com/*" />
-
- <!-- Allow SMS links to open messaging app -->
- <allow-intent href="sms:*" />
-
- <!-- Allow tel: links to open the dialer -->
- <allow-intent href="tel:*" />
-
- <!-- Allow geo: links to open maps -->
- <allow-intent href="geo:*" />
-
- <!-- Allow all unrecognized URLs to open installed apps
- *NOT RECOMMENDED* -->
- <allow-intent href="*" />
-
-
-## ネットワーク要求のホワイト リスト
-
-ネットワーク要求コントロール (画像、XHRs 等) (コルドバ ネイティブ フック) を介して行われることが。
-
-注: より安全なコンテンツ セキュリティ ポリシー (下記参照) を使用してお勧めします。 このホワイト リストほとんどの CSP をサポートしていない web 表示のために歴史的です。
-
-`Config.xml`内のこのような`<access>`タグを追加します。
-
- <!-- Allow images, xhrs, etc. to google.com -->
- <access origin="http://google.com" />
- <access origin="https://google.com" />
-
- <!-- Access to the subdomain maps.google.com -->
- <access origin="http://maps.google.com" />
-
- <!-- Access to all the subdomains on google.com -->
- <access origin="http://*.google.com" />
-
- <!-- Enable requests to content: URLs -->
- <access origin="content:///*" />
-
- <!-- Don't block any requests -->
- <access origin="*" />
-
-
-`<access>`タグ、なし`file://` Url に要求のみを許可します。 ただし、既定のコルドバ アプリケーションが含まれています`<access origin="*">`デフォルトで。
-
-気まぐれ: アンドロイドも要求できます https://ssl.gstatic.com/accessibility/javascript/android/デフォルトでは、トークが正常に機能するために必要ですので。
-
-### コンテンツのセキュリティ ポリシー
-
-ネットワーク要求コントロール (画像、XHRs 等) (直接 webview) を介して行われることが。
-
-Android と iOS は、ネットワーク要求ホワイト リスト (上記参照) はすべての種類の要求 (例: `< ビデオ >` & Websocket がふさがれていない) をフィルター処理できません。 だから、ホワイト リストに加えてすべてのページに[コンテンツ セキュリティ ポリシー](http://content-security-policy.com/) `< meta >`タグを使用する必要があります。
-
-Android 上システム webview 内 CSP サポート キットカットから始まります (しかし横断歩道 WebView を使用してすべてのバージョンで利用可能です)。
-
-`.Html`ページのいくつかの例 CSP の宣言は次のとおりです。
-
- <!-- Good default declaration:
- * gap: is required only on iOS (when using UIWebView) and is needed for JS->native communication
- * https://ssl.gstatic.com is required only on Android and is needed for TalkBack to function properly
- * Disables use of eval() and inline scripts in order to mitigate risk of XSS vulnerabilities. To change this:
- * Enable inline JS: add 'unsafe-inline' to default-src
- * Enable eval(): add 'unsafe-eval' to default-src
- -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com; style-src 'self' 'unsafe-inline'; media-src *">
-
- <!-- Allow requests to foo.com -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self' foo.com">
-
- <!-- Enable all requests, inline styles, and eval() -->
- <meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
-
- <!-- Allow XHRs via https only -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self' https:">
-
- <!-- Allow iframe to https://cordova.apache.org/ -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self'; frame-src 'self' https://cordova.apache.org">
\ No newline at end of file
diff --git a/doc/ko/README.md b/doc/ko/README.md
deleted file mode 100644
index 4cbae91..0000000
--- a/doc/ko/README.md
+++ /dev/null
@@ -1,148 +0,0 @@
-<!--
-# license: Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
--->
-
-# cordova-plugin-whitelist
-
-이 플러그인 구현 코르도바 4.0 응용 프로그램 webview를 탐색에 대 한 허용 정책
-
-## 지원된 코르도바 플랫폼
-
- * 안 드 로이드 4.0.0 이상
- * iOS 4.0.0 이상
-
-## 탐색 허용
-
-WebView 자체가 탐색할 수 있는 Url을 제어 합니다. 최상위 탐색에만 적용 됩니다.
-
-단점: 안 드 로이드에도 적용 됩니다 iframe에 대 한 비-프로토콜인 계획.
-
-기본적으로 탐색 `file://` Url에만 사용할 수 있습니다. 다른 다른 Url을 허용 하려면 `config.xml`에 `< allow-navigation >` 태그를 추가 해야 합니다.
-
- <!-- Allow links to example.com -->
- <allow-navigation href="http://example.com/*" />
-
- <!-- Wildcards are allowed for the protocol, as a prefix
- to the host, or as a suffix to the path -->
- <allow-navigation href="*://*.example.com/*" />
-
- <!-- A wildcard can be used to whitelist the entire network,
- over HTTP and HTTPS.
- *NOT RECOMMENDED* -->
- <allow-navigation href="*" />
-
- <!-- The above is equivalent to these three declarations -->
- <allow-navigation href="http://*/*" />
- <allow-navigation href="https://*/*" />
- <allow-navigation href="data:*" />
-
-
-## 의도 허용
-
-App 시스템 열을 게 허용 되는 Url을 제어 합니다. 기본적으로 외부 Url은 사용할 수 있습니다.
-
-안 드 로이드에이 형식의 BROWSEABLE 의도 보내는 것 같습니다.
-
-이 허용 된 플러그인, 하이퍼링크 및 `window.open ()` 호출에 적용 되지 않습니다..
-
-`Config.xml`에이 같은 `< allow-intent >` 태그를 추가 합니다.
-
- <!-- Allow links to web pages to open in a browser -->
- <allow-intent href="http://*/*" />
- <allow-intent href="https://*/*" />
-
- <!-- Allow links to example.com to open in a browser -->
- <allow-intent href="http://example.com/*" />
-
- <!-- Wildcards are allowed for the protocol, as a prefix
- to the host, or as a suffix to the path -->
- <allow-intent href="*://*.example.com/*" />
-
- <!-- Allow SMS links to open messaging app -->
- <allow-intent href="sms:*" />
-
- <!-- Allow tel: links to open the dialer -->
- <allow-intent href="tel:*" />
-
- <!-- Allow geo: links to open maps -->
- <allow-intent href="geo:*" />
-
- <!-- Allow all unrecognized URLs to open installed apps
- *NOT RECOMMENDED* -->
- <allow-intent href="*" />
-
-
-## 네트워크 요청 허용
-
-요청을 네트워크 컨트롤 (이미지, XHRs, 등) (코르도바 네이티브 후크)를 통해 할 수 있습니다.
-
-참고: 당신이 사용 콘텐츠 보안 정책 (아래 참조), 더 안전한 것이 좋습니다. 이 허용은 CSP를 지원 하지 않는 webviews에 대 한 역사적.
-
-`Config.xml`에이 같은 `< access >` 태그를 추가 합니다.
-
- <!-- Allow images, xhrs, etc. to google.com -->
- <access origin="http://google.com" />
- <access origin="https://google.com" />
-
- <!-- Access to the subdomain maps.google.com -->
- <access origin="http://maps.google.com" />
-
- <!-- Access to all the subdomains on google.com -->
- <access origin="http://*.google.com" />
-
- <!-- Enable requests to content: URLs -->
- <access origin="content:///*" />
-
- <!-- Don't block any requests -->
- <access origin="*" />
-
-
-어떤 `< access >` 태그 없이 요청 `file://` Url 사용할 수 있습니다. 그러나 기본 코르도바 응용 프로그램을 포함 하는, `< access origin="*" >` 기본적으로.
-
-특질: 안 드 로이드 또한 수 있습니다 요청을 https://ssl.gstatic.com/accessibility/javascript/android/ 기본적으로 필요 제대로 작동 하려면 의견 이므로.
-
-### 콘텐츠 보안 정책
-
-요청을 네트워크 컨트롤 (이미지, XHRs, 등) (webview 직접)를 통해 할 수 있습니다.
-
-안 드 로이드와 iOS에 네트워크 요청 허용 (위 참조)는 모든 종류의 요청 (예: `< 비디오 >` & WebSockets 차단 되지 않습니다)를 필터링 할 수 없습니다. 그래서, 허용, 뿐만 아니라 귀하의 모든 페이지에 [콘텐츠 보안 정책](http://content-security-policy.com/) `< meta >` 태그를 사용 해야 합니다.
-
-안 드 로이드, 시스템 webview 내에서 CSP에 대 한 지원을 KitKat 시작 (하지만 횡단 보도 WebView를 사용 하 여 모든 버전에서 사용할 수).
-
-다음은 `.html` 페이지에 대 한 몇 가지 예제 CSP 선언입니다.
-
- <!-- Good default declaration:
- * gap: is required only on iOS (when using UIWebView) and is needed for JS->native communication
- * https://ssl.gstatic.com is required only on Android and is needed for TalkBack to function properly
- * Disables use of eval() and inline scripts in order to mitigate risk of XSS vulnerabilities. To change this:
- * Enable inline JS: add 'unsafe-inline' to default-src
- * Enable eval(): add 'unsafe-eval' to default-src
- -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com; style-src 'self' 'unsafe-inline'; media-src *">
-
- <!-- Allow requests to foo.com -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self' foo.com">
-
- <!-- Enable all requests, inline styles, and eval() -->
- <meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
-
- <!-- Allow XHRs via https only -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self' https:">
-
- <!-- Allow iframe to https://cordova.apache.org/ -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self'; frame-src 'self' https://cordova.apache.org">
\ No newline at end of file
diff --git a/doc/pl/README.md b/doc/pl/README.md
deleted file mode 100644
index ecdc3d5..0000000
--- a/doc/pl/README.md
+++ /dev/null
@@ -1,148 +0,0 @@
-<!--
-# license: Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
--->
-
-# cordova-plugin-whitelist
-
-Ten plugin wdraża polityki białej nawigacja widoku sieci Web aplikacji na Cordova 4.0
-
-## Cordova obsługiwanych platform
-
- * Android 4.0.0 lub powyżej
- * iOS 4.0.0 lub powyżej
-
-## Biała lista nawigacji
-
-Kontroluje, których adresy URL widoku sieci Web, samej można nawigować do. Dotyczy tylko najwyższego poziomu nawigacje.
-
-Dziwactwa: na Android to dotyczy także IFRAME do nie-http (s) systemów.
-
-Domyślnie, nawigacje tylko do URLi `file://` , są dozwolone. Aby zezwolić na inne adresy URL, należy dodać Tagi `< allow-navigation >` do pliku `config.xml`:
-
- <!-- Allow links to example.com -->
- <allow-navigation href="http://example.com/*" />
-
- <!-- Wildcards are allowed for the protocol, as a prefix
- to the host, or as a suffix to the path -->
- <allow-navigation href="*://*.example.com/*" />
-
- <!-- A wildcard can be used to whitelist the entire network,
- over HTTP and HTTPS.
- *NOT RECOMMENDED* -->
- <allow-navigation href="*" />
-
- <!-- The above is equivalent to these three declarations -->
- <allow-navigation href="http://*/*" />
- <allow-navigation href="https://*/*" />
- <allow-navigation href="data:*" />
-
-
-## Zamiarem biała
-
-Kontroluje, których adresy URL aplikacji jest możliwość zapytać systemem otwierania. Domyślnie nie ma zewnętrznych adresów URL są dozwolone.
-
-Na Android to przyrównuje do wysyłania zamiarem typu BROWSEABLE.
-
-Ta biała nie ma zastosowania do pluginów, tylko hiperłącza i wywołania `window.open()`.
-
-W `pliku config.xml`dodawanie tagów `< allow-intent >` , jak to:
-
- <!-- Allow links to web pages to open in a browser -->
- <allow-intent href="http://*/*" />
- <allow-intent href="https://*/*" />
-
- <!-- Allow links to example.com to open in a browser -->
- <allow-intent href="http://example.com/*" />
-
- <!-- Wildcards are allowed for the protocol, as a prefix
- to the host, or as a suffix to the path -->
- <allow-intent href="*://*.example.com/*" />
-
- <!-- Allow SMS links to open messaging app -->
- <allow-intent href="sms:*" />
-
- <!-- Allow tel: links to open the dialer -->
- <allow-intent href="tel:*" />
-
- <!-- Allow geo: links to open maps -->
- <allow-intent href="geo:*" />
-
- <!-- Allow all unrecognized URLs to open installed apps
- *NOT RECOMMENDED* -->
- <allow-intent href="*" />
-
-
-## Sieci wniosek biała
-
-Formanty, które sieci żądań (obrazy, XHRs, itp.) mogą być wykonane (za pośrednictwem cordova rodzimych haki).
-
-Uwaga: Zalecamy, że używasz treści polityki bezpieczeństwa (patrz poniżej), który jest bardziej bezpieczne. Ta Biała jest głównie historyczne dla webviews, które nie obsługują CSP.
-
-W `pliku config.xml`dodawanie tagów `< access >` , jak to:
-
- <!-- Allow images, xhrs, etc. to google.com -->
- <access origin="http://google.com" />
- <access origin="https://google.com" />
-
- <!-- Access to the subdomain maps.google.com -->
- <access origin="http://maps.google.com" />
-
- <!-- Access to all the subdomains on google.com -->
- <access origin="http://*.google.com" />
-
- <!-- Enable requests to content: URLs -->
- <access origin="content:///*" />
-
- <!-- Don't block any requests -->
- <access origin="*" />
-
-
-Bez żadnych tagów `< access >` dozwolone są tylko żądania do URLi `file://` . Jednak domyślnie Cordova aplikacja zawiera `< access origin = "*" >` domyślnie.
-
-Cokół: Android pozwala również żądania do https://ssl.gstatic.com/accessibility/javascript/android/ domyślnie, ponieważ jest to wymagane dla TalkBack wobec funkcja poprawnie.
-
-### Zasady zabezpieczeń zawartości
-
-Formanty, które sieci żądań (obrazy, XHRs, itp.) mogą być wykonane (za pomocą widoku sieci Web bezpośrednio).
-
-Na Androida i iOS biała żądanie sieci (patrz wyżej) nie jest w stanie filtrować wszystkie rodzaje wniosków (np. `< video >` & WebSockets nie są zablokowane). Tak oprócz białej listy, należy użyć tagu `< meta >` [Treści polityki bezpieczeństwa](http://content-security-policy.com/) na wszystkich stronach.
-
-Na Android wsparcie dla CSP w ramach systemu widoku sieci Web zaczyna KitKat (ale jest dostępne we wszystkich wersjach przy użyciu widoku sieci Web przejście dla pieszych).
-
-Oto niektóre przykład CSP deklaracje dla strony `HTML` :
-
- <!-- Good default declaration:
- * gap: is required only on iOS (when using UIWebView) and is needed for JS->native communication
- * https://ssl.gstatic.com is required only on Android and is needed for TalkBack to function properly
- * Disables use of eval() and inline scripts in order to mitigate risk of XSS vulnerabilities. To change this:
- * Enable inline JS: add 'unsafe-inline' to default-src
- * Enable eval(): add 'unsafe-eval' to default-src
- -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com; style-src 'self' 'unsafe-inline'; media-src *">
-
- <!-- Allow requests to foo.com -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self' foo.com">
-
- <!-- Enable all requests, inline styles, and eval() -->
- <meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
-
- <!-- Allow XHRs via https only -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self' https:">
-
- <!-- Allow iframe to https://cordova.apache.org/ -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self'; frame-src 'self' https://cordova.apache.org">
\ No newline at end of file
diff --git a/doc/zh/README.md b/doc/zh/README.md
deleted file mode 100644
index c2c7e11..0000000
--- a/doc/zh/README.md
+++ /dev/null
@@ -1,148 +0,0 @@
-<!--
-# license: Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
--->
-
-# cordova-plugin-whitelist
-
-這個外掛程式實現一個用於導航在科爾多瓦 4.0 應用程式 web 視圖的白名單策略
-
-## 支援的科爾多瓦平臺
-
- * Android 4.0.0 或以上
- * iOS 4.0.0 或以上
-
-## 導航白名單
-
-控制 web 視圖本身可以導航到的 Url。適用于頂級導航只。
-
-怪癖: 在 Android 上它也適用于 iframe 的非-結計畫。
-
-預設情況下,只有到`file://` Url 導航允許。若要允許其他其他 Url,必須將`<allow-navigation>`標籤添加到您的`config.xml`:
-
- <!-- Allow links to example.com -->
- <allow-navigation href="http://example.com/*" />
-
- <!-- Wildcards are allowed for the protocol, as a prefix
- to the host, or as a suffix to the path -->
- <allow-navigation href="*://*.example.com/*" />
-
- <!-- A wildcard can be used to whitelist the entire network,
- over HTTP and HTTPS.
- *NOT RECOMMENDED* -->
- <allow-navigation href="*" />
-
- <!-- The above is equivalent to these three declarations -->
- <allow-navigation href="http://*/*" />
- <allow-navigation href="https://*/*" />
- <allow-navigation href="data:*" />
-
-
-## 科爾多瓦-外掛程式-白名單
-
-控制應用程式允許讓系統打開的 Url。 預設情況下,沒有外部 Url 允許。
-
-在 android 系統,這相當於發送類型 BROWSEABLE 的意圖。
-
-此白名單並不適用于只超連結和對`window.open ()`調用的外掛程式.
-
-在`config.xml`中添加`<allow-intent>`標籤,像這樣:
-
- <!-- Allow links to web pages to open in a browser -->
- <allow-intent href="http://*/*" />
- <allow-intent href="https://*/*" />
-
- <!-- Allow links to example.com to open in a browser -->
- <allow-intent href="http://example.com/*" />
-
- <!-- Wildcards are allowed for the protocol, as a prefix
- to the host, or as a suffix to the path -->
- <allow-intent href="*://*.example.com/*" />
-
- <!-- Allow SMS links to open messaging app -->
- <allow-intent href="sms:*" />
-
- <!-- Allow tel: links to open the dialer -->
- <allow-intent href="tel:*" />
-
- <!-- Allow geo: links to open maps -->
- <allow-intent href="geo:*" />
-
- <!-- Allow all unrecognized URLs to open installed apps
- *NOT RECOMMENDED* -->
- <allow-intent href="*" />
-
-
-## 網路請求白名單
-
-網路請求的控制項 (圖像,XHRs 等) 允許 (通過科爾多瓦本機掛鉤)。
-
-注意: 我們建議你使用內容的安全性原則 (見下文),這是更安全。 此白名單大多是為 webviews 不支援 CSP 的歷史。
-
-在`config.xml`中添加`<access>`標記,像這樣:
-
- <!-- Allow images, xhrs, etc. to google.com -->
- <access origin="http://google.com" />
- <access origin="https://google.com" />
-
- <!-- Access to the subdomain maps.google.com -->
- <access origin="http://maps.google.com" />
-
- <!-- Access to all the subdomains on google.com -->
- <access origin="http://*.google.com" />
-
- <!-- Enable requests to content: URLs -->
- <access origin="content:///*" />
-
- <!-- Don't block any requests -->
- <access origin="*" />
-
-
-沒有任何`<access>`標籤,只到`file://` Url 允許請求。 但是,預設的科爾多瓦應用程式包括`<access origin="*">` ,預設情況。
-
-怪癖: Android 還允許對 HTTPs://ssl.gstatic.com/accessibility/javascript/android/ 請求預設情況下,因為這是對講正常所需。
-
-### 內容安全政策
-
-網路請求的控制項 (圖像,XHRs 等) 允許 (通過 web 視圖直接)。
-
-對 Android 和 iOS,網路請求白名單 (見上文) 是不能夠過濾所有類型的請求 (例如`<video>` & Websocket 未被阻止)。 那麼,除了白名單中,你應使用[內容安全性原則](http://content-security-policy.com/) `< 元 >`標記您的所有頁面。
-
-在 android 系統,對 CSP 系統 web 視圖的支援開始奇巧 (但是是上使用 web 視圖人行橫道上的所有版本可用)。
-
-下面是一些示例 CSP 聲明為`.html`頁面:
-
- <!-- Good default declaration:
- * gap: is required only on iOS (when using UIWebView) and is needed for JS->native communication
- * https://ssl.gstatic.com is required only on Android and is needed for TalkBack to function properly
- * Disables use of eval() and inline scripts in order to mitigate risk of XSS vulnerabilities. To change this:
- * Enable inline JS: add 'unsafe-inline' to default-src
- * Enable eval(): add 'unsafe-eval' to default-src
- -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com; style-src 'self' 'unsafe-inline'; media-src *">
-
- <!-- Allow requests to foo.com -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self' foo.com">
-
- <!-- Enable all requests, inline styles, and eval() -->
- <meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">
-
- <!-- Allow XHRs via https only -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self' https:">
-
- <!-- Allow iframe to https://cordova.apache.org/ -->
- <meta http-equiv="Content-Security-Policy" content="default-src 'self'; frame-src 'self' https://cordova.apache.org">
\ No newline at end of file
diff --git a/package.json b/package.json
index 9bca506..00ada32 100644
--- a/package.json
+++ b/package.json
@@ -12,7 +12,7 @@
"url": "https://github.com/apache/cordova-plugin-whitelist"
},
"bugs": {
- "url": "https://issues.apache.org/jira/browse/CB"
+ "url": "https://github.com/apache/cordova-plugin-whitelist/issues"
},
"keywords": [
"cordova",
@@ -20,6 +20,11 @@
"ecosystem:cordova",
"cordova-android"
],
+ "scripts": {
+ "test": "echo \"no tests implemented for this plugin\""
+ },
+ "author": "Apache Software Foundation",
+ "license": "Apache-2.0",
"engines": {
"cordovaDependencies": {
"0.0.0": {
@@ -29,7 +34,5 @@
"cordova": ">100"
}
}
- },
- "author": "Apache Software Foundation",
- "license": "Apache-2.0"
+ }
}
diff --git a/tests/README.md b/tests/README.md
new file mode 100644
index 0000000..4eeae3b
--- /dev/null
+++ b/tests/README.md
@@ -0,0 +1,53 @@
+---
+ license: Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+---
+
+# cordova-plugin-whitelist-tests
+
+This are an [optional JavaScript interface](#whitelist) to the core Cordova Whitelist functionality and the test plugin that uses it to test cordova-plugin-whitelist.
+
+## Whitelist
+
+> The `whitelist` object provides an interface for testing whether arbitrary
+> URLs are allowed by the currently active configuration, or would be allowed
+> by a given set of whitelist patterns.
+
+### Methods
+
+- cordova.whitelist.match
+- cordova.whitelist.test
+
+#### cordova.whitelist.match
+
+Indicates whether a given URL would be allowed by a set of Whitelist URL
+patterns.
+
+ cordova.whitelist.match(url, patterns, callback);
+
+`callback` will be invoked with a boolean argument indicating whether the
+url matches the set of patterns.
+
+#### cordova.whitelist.test
+
+Indicates whether a given URL would be allowed by the current application
+configuration.
+
+ cordova.whitelist.test(url, callback);
+
+`callback` will be invoked with a boolean argument indicating whether the
+url is currently whitelisted.
diff --git a/tests/package.json b/tests/package.json
new file mode 100644
index 0000000..f0b4839
--- /dev/null
+++ b/tests/package.json
@@ -0,0 +1,15 @@
+{
+ "name": "cordova-plugin-whitelist-tests",
+ "version": "1.3.4-dev",
+ "description": "",
+ "cordova": {
+ "id": "cordova-plugin-whitelist-tests",
+ "platforms": []
+ },
+ "keywords": [
+ "ecosystem:cordova"
+ ],
+ "author": "",
+ "license": "Apache 2.0"
+}
+
diff --git a/tests/plugin.xml b/tests/plugin.xml
new file mode 100644
index 0000000..bd4dc99
--- /dev/null
+++ b/tests/plugin.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+
+<plugin xmlns="http://cordova.apache.org/ns/plugins/1.0"
+ id="cordova-plugin-whitelist-tests"
+ version="1.3.4-dev">
+ <name>Cordova Plugin Whitelist Tests</name>
+ <license>Apache 2.0</license>
+
+ <js-module src="tests.js" name="tests">
+ </js-module>
+
+ <js-module src="www/whitelist.js" name="whitelist">
+ <clobbers target="cordova.whitelist" />
+ </js-module>
+
+ <!-- android -->
+ <platform name="android">
+ <config-file target="res/xml/config.xml" parent="/*">
+ <feature name="WhitelistAPI" >
+ <param name="android-package" value="org.apache.cordova.test.WhitelistAPI"/>
+ </feature>
+ </config-file>
+
+ <source-file src="src/android/WhitelistAPI.java" target-dir="src/org/apache/cordova/test" />
+
+ <!-- remove <access origin="*" /> -->
+ <hook type="after_prepare" src="scripts/remove-access.js"/>
+
+ <!-- add whitelist configuration the tests test for -->
+ <config-file target="config.xml" parent="/*">
+ <allow-navigation href="http://*.apache.org" />
+ <allow-navigation href="https://*.apache.org" />
+ </config-file>
+
+ </platform>
+
+</plugin>
diff --git a/tests/scripts/remove-access.js b/tests/scripts/remove-access.js
new file mode 100644
index 0000000..402c2de
--- /dev/null
+++ b/tests/scripts/remove-access.js
@@ -0,0 +1,19 @@
+var fs = require('fs');
+var path = require('path');
+var rootdir = "";
+var file = path.join(rootdir, "platforms/android/app/src/main/res/xml/config.xml");
+
+fs.readFile( file, "utf8", function( err, data )
+{
+ if (err)
+ return console.log( err );
+
+ var result = data;
+ result = result.replace( "<access origin=\"*\" />", "" );
+
+ fs.writeFile( file, result, "utf8", function( err )
+ {
+ if (err)
+ return console.log( err );
+ } );
+} );
\ No newline at end of file
diff --git a/tests/src/android/WhitelistAPI.java b/tests/src/android/WhitelistAPI.java
new file mode 100644
index 0000000..1ada69f
--- /dev/null
+++ b/tests/src/android/WhitelistAPI.java
@@ -0,0 +1,90 @@
+/*
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+*/
+package org.apache.cordova.test;
+
+import org.apache.cordova.Whitelist;
+import org.apache.cordova.Config;
+
+import org.apache.cordova.CallbackContext;
+import org.apache.cordova.CordovaPlugin;
+import org.apache.cordova.PluginResult;
+import org.json.JSONArray;
+import org.json.JSONException;
+
+import org.apache.cordova.PluginManager;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+
+public class WhitelistAPI extends CordovaPlugin {
+ /**
+ * Executes the request and returns PluginResult.
+ *
+ * @param action The action to execute.
+ * @param args JSONArry of arguments for the plugin.
+ * @param callbackContext The callback id used when calling back into JavaScript.
+ * @return True if the action was valid, false if not.
+ */
+ public boolean execute(String action, JSONArray args, CallbackContext callbackContext) throws JSONException {
+ if (action.equals("URLMatchesPatterns")) {
+ String url = args.getString(0);
+ JSONArray patterns = args.getJSONArray(1);
+ Whitelist whitelist = new Whitelist();
+ for (int i=0; i < patterns.length(); i++) {
+ String pattern = patterns.getString(i);
+ whitelist.addWhiteListEntry(pattern, false);
+ }
+ boolean isAllowed = whitelist.isUrlWhiteListed(url);
+ callbackContext.sendPluginResult(new PluginResult(PluginResult.Status.OK, isAllowed));
+ return true;
+ } else if (action.equals("URLIsAllowed")) {
+ String url = args.getString(0);
+ /* This code exists for compatibility between 3.x and 4.x versions of Cordova.
+ * Previously the CordovaWebView class had a method, getWhitelist, which would
+ * return a Whitelist object. Since the fixed whitelist is removed in Cordova 4.x,
+ * the correct call now is to shouldAllowRequest from the plugin manager.
+ */
+ Boolean isAllowed = null;
+ try {
+ Method isUrlWhiteListed = Config.class.getDeclaredMethod("isUrlWhitelisted", String.class);
+ isAllowed = (Boolean)isUrlWhiteListed.invoke(url);
+ } catch (NoSuchMethodException e) {
+ } catch (IllegalAccessException e) {
+ } catch (InvocationTargetException e) {
+ }
+ if (isAllowed == null) {
+ try {
+ Method gpm = webView.getClass().getMethod("getPluginManager");
+ PluginManager pm = (PluginManager)gpm.invoke(webView);
+ Method isAllowedMethod = pm.getClass().getMethod("shouldAllowRequest", String.class);
+ isAllowed = (Boolean)isAllowedMethod.invoke(pm, url);
+ if (isAllowed == null) {
+ isAllowed = false;
+ }
+ } catch (NoSuchMethodException e) {
+ } catch (IllegalAccessException e) {
+ } catch (InvocationTargetException e) {
+ }
+ }
+
+ callbackContext.sendPluginResult(new PluginResult(PluginResult.Status.OK, isAllowed));
+ return true;
+ }
+ return false;
+ }
+}
diff --git a/tests/tests.js b/tests/tests.js
new file mode 100644
index 0000000..7378abe
--- /dev/null
+++ b/tests/tests.js
@@ -0,0 +1,214 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+exports.defineAutoTests = function () {
+
+ var isAndroid = (cordova.platformId === "android");
+
+ describe('Whitelist API (cordova.whitelist)', function () {
+
+ it("should exist", function () {
+ expect(cordova.whitelist).toBeDefined();
+ });
+
+ describe("Match function (cordova.whitelist.match) that checks URLs against patterns", function () {
+ function expectMatchWithResult(result) {
+ return (function (url, patterns, description) {
+ description = description || ((result ? "should accept " : "should reject ") + url + " for " + JSON.stringify(patterns));
+ this.result = result;
+
+ describe("Match function", function () {
+ if (!isAndroid) {
+ pending("Whitelist Plugin only exists for Android");
+ }
+
+ // Timeout is 7.5 seconds to allow physical devices enough
+ // time to query the response. This is important for some
+ // Android devices.
+ var originalTimeout,
+ cb;
+
+ beforeEach(function (done) {
+ originalTimeout = jasmine.DEFAULT_TIMEOUT_INTERVAL;
+ jasmine.DEFAULT_TIMEOUT_INTERVAL = 7500;
+
+ cb = jasmine.createSpy('spy').and.callFake(function () {
+ done();
+ });
+ cordova.whitelist.match(url, patterns, cb);
+ });
+
+ afterEach(function () {
+ jasmine.DEFAULT_TIMEOUT_INTERVAL = originalTimeout;
+ });
+
+ it(description, function () {
+ expect(cb).toHaveBeenCalledWith(result);
+ });
+ });
+ });
+ }
+
+ var itShouldMatch = expectMatchWithResult(true);
+ var itShouldNotMatch = expectMatchWithResult(false);
+
+ it("should exist", function () {
+ expect(cordova.whitelist.match).toBeDefined();
+ expect(typeof cordova.whitelist.match).toBe("function");
+ });
+
+ itShouldMatch('http://www.apache.org/', ['*'], "should accept any domain for *");
+ itShouldNotMatch('http://www.apache.org/', [], "should not accept any domain for []");
+
+ itShouldMatch('http://apache.org/', ['http://*.apache.org']);
+ itShouldMatch('http://www.apache.org/', ['http://*.apache.org']);
+ itShouldMatch('http://www.apache.org/some/path', ['http://*.apache.org']);
+ itShouldMatch('http://some.domain.under.apache.org/', ['http://*.apache.org']);
+ itShouldMatch('http://user:pass@apache.org/', ['http://*.apache.org']);
+ itShouldMatch('http://user:pass@www.apache.org/', ['http://*.apache.org']);
+ itShouldMatch('http://www.apache.org/?some=params', ['http://*.apache.org']);
+ itShouldNotMatch('http://apache.com/', ['http://*.apache.org']);
+ itShouldNotMatch('http://www.evil.com/?url=www.apache.org', ['http://*.apache.org']);
+ itShouldNotMatch('http://www.evil.com/?url=http://www.apache.org', ['http://*.apache.org']);
+ itShouldNotMatch('http://www.evil.com/?url=http%3A%2F%2Fwww%2Eapache%2Eorg', ['http://*.apache.org']);
+ itShouldNotMatch('https://apache.org/', ['http://*.apache.org']);
+ itShouldNotMatch('http://www.apache.org:pass@evil.com/', ['http://*.apache.org']);
+ itShouldNotMatch('http://www.apache.org.evil.com/', ['http://*.apache.org']);
+
+ itShouldMatch('http://www.apache.org/', ['http://*.apache.org', 'https://*.apache.org']);
+ itShouldMatch('https://www.apache.org/', ['http://*.apache.org', 'https://*.apache.org']);
+ itShouldNotMatch('ftp://www.apache.org/', ['http://*.apache.org', 'https://*.apache.org']);
+ itShouldNotMatch('http://www.apache.com/', ['http://*.apache.org', 'https://*.apache.org']);
+
+ itShouldMatch('http://www.apache.org/', ['http://www.apache.org']);
+ itShouldNotMatch('http://build.apache.org/', ['http://www.apache.org']);
+ itShouldNotMatch('http://apache.org/', ['http://www.apache.org']);
+
+ itShouldMatch('http://www.apache.org/', ['http://*/*']);
+ itShouldMatch('http://www.apache.org/foo/bar.html', ['http://*/*']);
+
+ itShouldMatch('http://www.apache.org/foo', ['http://*/foo*']);
+ itShouldMatch('http://www.apache.org/foo/bar.html', ['http://*/foo*']);
+ itShouldNotMatch('http://www.apache.org/', ['http://*/foo*']);
+
+ itShouldMatch('file:///foo', ['file:///*']);
+
+ itShouldMatch('file:///foo', ['file:///foo*']);
+ itShouldMatch('file:///foo/bar.html', ['file:///foo*']);
+ itShouldNotMatch('file:///foo.html', []);
+ itShouldNotMatch('http://www.apache.org/etc/foo', ['http://www.apache.org/foo*']);
+ itShouldNotMatch('http://www.apache.org/foo', ['file:///foo*']);
+
+ itShouldMatch('http://www.apache.org/', ['*://www.apache.org/*']);
+ itShouldMatch('https://www.apache.org/', ['*://www.apache.org/*']);
+ itShouldMatch('ftp://www.apache.org/', ['*://www.apache.org/*']);
+ itShouldMatch('file://www.apache.org/', ['*://www.apache.org/*']);
+ if (cordova.platformId == 'android')
+ itShouldMatch('content://www.apache.org/', ['*://www.apache.org/*']);
+ itShouldMatch('foo://www.apache.org/', ['*://www.apache.org/*']);
+ itShouldNotMatch('http://www.apache.com/', ['*://www.apache.org/*']);
+
+ itShouldMatch('http://www.apache.org/', ['*.apache.org']);
+ itShouldMatch('https://www.apache.org/', ['*.apache.org']);
+ itShouldNotMatch('ftp://www.apache.org/', ['*.apache.org']);
+
+ itShouldMatch('http://www.apache.org:81/', ['http://www.apache.org:81/*']);
+ itShouldMatch('http://user:pass@www.apache.org:81/foo/bar.html', ['http://www.apache.org:81/*']);
+ itShouldNotMatch('http://www.apache.org:80/', ['http://www.apache.org:81/*']);
+ itShouldNotMatch('http://www.apache.org/', ['http://www.apache.org:81/*']);
+ itShouldNotMatch('http://www.apache.org:foo/', ['http://www.apache.org:81/*']);
+ itShouldNotMatch('http://www.apache.org:81@www.apache.org/', ['http://www.apache.org:81/*']);
+ itShouldNotMatch('http://www.apache.org:81@www.evil.com/', ['http://www.apache.org:81/*']);
+
+ itShouldMatch('http://www.APAche.org/', ['*.apache.org']);
+ itShouldMatch('http://WWw.apache.org/', ['*.apache.org']);
+ itShouldMatch('http://www.apache.org/', ['*.APACHE.ORG']);
+ itShouldMatch('HTTP://www.apache.org/', ['*.apache.org']);
+ itShouldMatch('HTTP://www.apache.org/', ['http://*.apache.org']);
+ itShouldMatch('http://www.apache.org/', ['HTTP://*.apache.org']);
+
+ itShouldMatch('http://www.apache.org/foo/', ['*://*.apache.org/foo/*']);
+ itShouldMatch('http://www.apache.org/foo/bar', ['*://*.apache.org/foo/*']);
+ itShouldNotMatch('http://www.apache.org/bar/foo/', ['*://*.apache.org/foo/*']);
+ itShouldNotMatch('http://www.apache.org/Foo/', ['*://*.apache.org/foo/*']);
+ itShouldNotMatch('http://www.apache.org/Foo/bar', ['*://*.apache.org/foo/*']);
+ });
+
+ describe("Test function (cordova.whitelist.test) that checks against config.xml", function () {
+ function expectTestWithResult(result) {
+ return (function (url, description) {
+ description = description || ((result ? "should accept " : "should reject ") + url);
+
+ describe("Test function", function () {
+ if (!isAndroid) {
+ pending("Whitelist Plugin only exists for Android");
+ }
+
+ var cb,
+ originalTimeout;
+
+ beforeEach(function (done) {
+ originalTimeout = jasmine.DEFAULT_TIMEOUT_INTERVAL;
+ jasmine.DEFAULT_TIMEOUT_INTERVAL = 7500;
+ cb = jasmine.createSpy('spy').and.callFake(function (){
+ done();
+ });
+ cordova.whitelist.test(url, cb);
+ });
+
+ afterEach(function () {
+ jasmine.DEFAULT_TIMEOUT_INTERVAL = originalTimeout;
+ });
+
+ it(description, function () {
+ expect(cb).toHaveBeenCalledWith(result);
+ });
+ });
+ });
+ }
+
+ var itShouldAccept = expectTestWithResult(true);
+ var itShouldReject = expectTestWithResult(false);
+
+ it("should exist", function () {
+ expect(cordova.whitelist.test).toBeDefined();
+ expect(typeof cordova.whitelist.test).toBe("function");
+ });
+
+ itShouldAccept('http://apache.org');
+ itShouldAccept('http://apache.org/');
+ itShouldAccept('http://www.apache.org/');
+ itShouldAccept('http://www.apache.org/some/path');
+ itShouldAccept('http://some.domain.under.apache.org/');
+ itShouldAccept('http://user:pass@apache.org/');
+ itShouldAccept('http://user:pass@www.apache.org/');
+ itShouldAccept('https://www.apache.org/');
+
+ itShouldReject('ftp://www.apache.org/');
+ itShouldReject('http://www.apache.com/');
+ itShouldReject('http://www.apache.org:pass@evil.com/');
+ itShouldReject('http://www.apache.org.evil.com/');
+
+ itShouldAccept('file:///foo');
+ if (cordova.platformId == 'android')
+ itShouldReject('content:///foo');
+ });
+ });
+}
\ No newline at end of file
diff --git a/tests/www/whitelist.js b/tests/www/whitelist.js
new file mode 100644
index 0000000..33c43f7
--- /dev/null
+++ b/tests/www/whitelist.js
@@ -0,0 +1,34 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+*/
+
+var argscheck = require('cordova/argscheck'),
+ exec = require('cordova/exec');
+
+module.exports = {
+ match: function(url, patterns, callback) {
+ //argscheck.checkArgs('fF', 'Whitelist.match', arguments);
+ exec(callback, callback, "WhitelistAPI", "URLMatchesPatterns", [url, patterns]);
+ },
+ test: function(url, callback) {
+ //argscheck.checkArgs('fF', 'Whitelist.test', arguments);
+ exec(callback, callback, "WhitelistAPI", "URLIsAllowed", [url]);
+ }
+}