I've spent the majority of the week finishing up the whitelist-breakout code, and I'd invite the rest of the community to take a look, before we make anything official.

In order to retain some kind of backward compatibility with existing apps (because it's a terrible situation for everyone when we break that), I've endeavoured to provide hooks so that all of the existing functionality can be moved to a plugin, and so that *something* useful still happens if you don't have any plugins at all.

Policy decisions are made centrally (in Android, by CordovaUriHelper; in iOS, by CDVViewController), first by asking all installed plugins whether to allow or deny the request, and if no plugins reply, then by applying a default policy (which is sane, but more restrictive than Cordova 3.6).

Without any plugins, Cordova will allow navigation within the app itself, to file urls, and will allow resource loads (XHRs) from that space as well. External applications are *not* launched. <access> tags in config.xml are completely ignored.

I've also modified the config parsers so that they can be used by plugins. (For example, the sample cordova-plugin-whitelist plugin reads config.xml to extract <access> tags for building its own whitelist, but other plugins could use any other method they wanted.)

All of this is in git, on branches named "unplug-whitelist", on these repos:

    cordova-android
    cordova-ios
    cordova-plugin-inappbrowser
    cordova-plugin-file-transfer
    cordova-mobile-spec

I wrote a sample plugin -- https://github.com/clelland/cordova-plugin-whitelist -- which implements the Cordova 3.6 behaviour. With that plugin, <access> tags in config.xml are parsed, just as they are right now. Navigation and XHR access to external resources is controlled by <access origin=... > tags, and launching of other applications is controlled by <access origin=... launch-external="yes"> tags.

Comments welcome -- either here or on https://issues.apache.org/jira/browse/CB-7747

Ian
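
Added example, not part of the message above and not code from the Cordova repositories: a small JavaScript model of the decision flow it describes (plugins are asked first, the default policy applies only when none reply). The function names, the true/false/null reply convention, the first-reply-wins rule, treating app content as file: URLs, and exact-origin matching are all assumptions made for illustration.

```javascript
// Hypothetical model of the policy flow; none of these names are Cordova APIs.
const KINDS = ["navigate", "request", "launch"];

// Default policy, used when no plugin replies. Assumption: the app's own
// content is served from file: URLs. Nothing is ever launched externally.
function defaultPolicy(kind, url) {
  if (kind === "launch") return false;
  return new URL(url).protocol === "file:";
}

// Central decision point: ask each plugin in turn. Assumption: the first
// non-null reply wins; if every plugin abstains, fall back to the default.
function decide(plugins, kind, url) {
  if (!KINDS.includes(kind)) throw new Error("unknown request kind: " + kind);
  for (const plugin of plugins) {
    const reply = plugin(kind, url); // true = allow, false = deny, null = no opinion
    if (reply !== null && reply !== undefined) return reply;
  }
  return defaultPolicy(kind, url);
}

// Stand-in for a whitelist plugin built from <access> entries. Entries with
// launchExternal govern "launch"; all others govern navigation and requests.
// Matching is exact origin or "*" only (a simplification).
function whitelistPlugin(entries) {
  return (kind, url) => {
    const origin = new URL(url).origin;
    const wantLaunch = kind === "launch";
    const hit = entries.some(e =>
      Boolean(e.launchExternal) === wantLaunch &&
      (e.origin === "*" || e.origin === origin));
    return hit ? true : null; // no match: leave it to other plugins or the default
  };
}

// Constructed sample entries, standing in for <access> tags read from config.xml.
const sampleEntries = [
  { origin: "https://api.example.com" },
  { origin: "https://maps.example.com", launchExternal: true },
];
```

With no plugins installed, decide() gives the restrictive default; passing whitelistPlugin(sampleEntries) opens up only the listed origins, and a launch-external entry does not by itself permit navigation or XHR to that origin.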