Hi all,
I'm Jason Chase, and I just joined the Google team working on Cordova.
I've spent the last while working on enterprise SaaS solution, so I'm
looking forward to the challenge of getting up to speed on Cordova. Looks
like there's a lot going on with Cordova, so I can&
I'm working on CB-8210, to remove the use of javascript eval()s from native
code in cordova-android. The goal is to pave the way for CSP.
One usage was to fire the "onDestroy" event when the app is being
destroyed. However, in my testing, I wasn't able to get this event firing
on the javascript
For CB-8444, I'm proposing to eventually remove the clobber of
'window.open' that is done by the InAppBrowser plugin.
The problem I'm trying to solve is unintended changes to the behaviour of
window.open calls in an app. An example of untended change is an app that
adds a plugin which provides an
I'm interested in full-blown support for CSP (Content Security Policy) in
Cordova. While we're close to having new and improved whitelist
functionality, there are gaps in what the whitelist is able to protect
against. In particular, inline script and eval() are higher risks that are
not addressed
roposal for CSP support
>
> Thanks for this clear outline.
>
> Jason, I know you've been working on the short-term items for a while as
> part of your investigation, fixing things as you went -- what is the
> current state of CSP support in platforms / plugins? What portion al