Titanium JIRA Archive
Titanium SDK/CLI (TIMOB)

[TIMOB-1036] Android: WebView Exposes Ti Methods with Remote URL

GitHub Issuen/a
TypeBug
PriorityMedium
StatusClosed
ResolutionFixed
Resolution Date2011-04-17T01:55:01.000+0000
Affected Version/sn/a
Fix Version/sRelease 1.6.0 M01
ComponentsAndroid
Labelsandroid, defect, release-1.6.0, security
ReporterDon Thorp
AssigneeMarshall Culpepper
Created2011-04-15T02:42:03.000+0000
Updated2011-04-17T01:55:01.000+0000

Description

This is a security issue. Titanium APIs should only be allowed for local urls

Comments

  1. Bill Dawson 2011-04-15

    (from [12d7bf6a90db72fa0aebe538c95128c8a0cdc625]) Inject our Ti JS and JSON near beginning of local (and ONLY local) html file contents or html set directly via the html property. [#2153 state:fixed-in-qa][#2514 state:fixed-in-qa][#1635 state:fixed-in-qa][#1036 state:fixed-in-qa] https://github.com/appcelerator/titanium_mobile/commit/12d7bf6a90db72fa0aebe538c95128c8a0cdc625"> https://github.com/appcelerator/titanium_mobile/commit/12d7bf6a90db...

  2. Bill Dawson 2011-04-15

    reopening for test case

  3. Bill Dawson 2011-04-15

    QA to test this, put this code in for a window JS:

       var win = Ti.UI.currentWindow;
       var wv = Ti.UI.createWebView({url: 'http://www.google.com'});
       wv.addEventListener('load', function(e) {
           alert(wv.evalJS('Titanium'));
       });
       win.add(wv);
       

    You should get an empty alert, because Titanium should not be available if you've browed to an external site such as google in this example.

    Note: if you try to test the fail case, be sure to try a version of the sdk from before 12/13/2010, otherwise #2583 will happen to you and you'll get a lockup.

  4. Bill Dawson 2011-04-15

    (from [a15892512a6eb0f7605a3a98615513e3f554ebde]) [#1036 state:fixed-in-qa] Drillbit test to be sure Ti/Titanium not available in external web sites https://github.com/appcelerator/titanium_mobile/commit/a15892512a6eb0f7605a3a98615513e3f554ebde"> https://github.com/appcelerator/titanium_mobile/commit/a15892512a6e...

  5. Thomas Huelbert 2011-04-15

    2.2.1 (G2), 1.6 (G1) Titanium SDK version: 1.6.0 (01/04/11 08:01 e49700d)

JSON Source