Hello

2014-08-07 Thread Jason Chase
Hi all, I'm Jason Chase, and I just joined the Google team working on Cordova. I've spent the last while working on enterprise SaaS solution, so I'm looking forward to the challenge of getting up to speed on Cordova. Looks like there's a lot going on with Cordova, so I can&

Remove onDestroy event/channel from cordova-js

2015-01-05 Thread Jason Chase
I'm working on CB-8210, to remove the use of javascript eval()s from native code in cordova-android. The goal is to pave the way for CSP. One usage was to fire the "onDestroy" event when the app is being destroyed. However, in my testing, I wasn't able to get this event firing on the javascript

CB-8444: Proposal to deprecate the clobber of window.open by InAppBrowser

2015-02-12 Thread Jason Chase
For CB-8444, I'm proposing to eventually remove the clobber of 'window.open' that is done by the InAppBrowser plugin. The problem I'm trying to solve is unintended changes to the behaviour of window.open calls in an app. An example of untended change is an app that adds a plugin which provides an

Proposal for CSP support

2015-02-19 Thread Jason Chase
I'm interested in full-blown support for CSP (Content Security Policy) in Cordova. While we're close to having new and improved whitelist functionality, there are gaps in what the whitelist is able to protect against. In particular, inline script and eval() are higher risks that are not addressed

Re: Proposal for CSP support

2015-02-20 Thread Jason Chase
roposal for CSP support > > Thanks for this clear outline. > > Jason, I know you've been working on the short-term items for a while as > part of your investigation, fixing things as you went -- what is the > current state of CSP support in platforms / plugins? What portion al