Use of cordova-plugin-whitelist - android

In my cordova hello world project, When I run:
cordova platforms add android
it automatically adds cordova-plugin-whitelist plugin.
From plugin docs it is only for android platform.
Supported Cordova Platforms
Android 4.0.0 or above
My questions are:
What is the use of this plugin?
Why only android? Why not other platforms?

As you have mentioned, this plugin is meant only for Android as the plugin source code itself supports only Android platform.
This plugin implements a whitelist policy for navigating the application webview on Cordova 4.0 and above. The use of this plugin is that it provides better security and configurability than earlier versions of Cordova. Infact it is possible to create your own whitelist plugin but it is not recommended unless your app has very specific security policy needs.
Also what I noticed while creating a project in iOS is that it does include cordova whitelist plugin in the plugins folder as its automatically included in config.xml
But what I infer from the official documentation of iOS whitelisting is that for cordova-ios version 4.0 and above this plugin is not required but it's configuration details apply to iOS too.
You can check out this official cordova link for more detailed info on whitelisting and its application on various platforms.

Related

Updating salesforce Hybrid cordova app

I am a little new to Salesforce Hybrid Mobile application development.
I have a well running hybrid application.
But recently when uploading the APK to play store, play store gives an error
Your APK has been rejected for containing security vulnerabilities, which violates the Malicious Behavior policy. The Alerts page has more information about how to resolve the issue. If you submitted an update, the previous version of your app is still live on Google Play.
After some analysis I found that my android platform version is 3.6.x which might be the reason for rejection.
So I updated cordova android platform of my existing Salesforce Hybrid app using the following command.
cordova platform update android
After updating the version of android platform is 5.2.2
Salesforce Mobile sdk guide says to reinstall the salesforce plugin
So,
cordova plugin remove com.salesforce
And then
cordova plugin add https://github.com/forcedotcom/SalesforceMobileSDK-CordovaPlugin
But, while re-adding the plugin it gives the following message
Plugin doesn't support this project's cordova-android version. cordova-android: 5.2.2, failed version requirement: 5.0.0
Skipping 'com.salesforce' for android
And again running the project in eclipse gives many errors.
Not able to pin point the specefic issue here.
Any help is appretiated.
Thanks in advance.
You have to update to 5.0.0 instead of 5.2.2 because Salesforce plugin is made to 5.0.0 version.
You can see that in the plugin.xml file, in the engine tag.
<engines>
<engine name="cordova-android" version="5.0.0" />
<engine name="cordova-ios" version="4.2.0" />
</engines>

Mobilefirst Vulnerable version of Apache Cordova

I just recieved a mail from Google play about my MobileFirst 6.3 app: Please migrate your app(s) to Apache Cordova v.4.1.1 or higher as soon as possible.
I have a new version of my app on MobileFirst 7.1, but this new version is only running on Cordova v 3.7.0.
Which version of MobileFirst will be based on v4.1.1 and when can we expect it, if it is not out already? What would be your advised approach, release the app based on cordova 3.7.0 quickly while we still can or wait for cordova 4.1.1 to be included in MobileFirst?
As requested: The following page contains more details about the vulnerabilities:
https://support.google.com/faqs/answer/6325474
No version of Worklight/MobileFirst is supplied with Cordova 4.1.1.
However,
IBM patches the Cordova version shipped in Worklight/MobileFirst with fixes to found vulnerabilities.
For this particular announcement by Google, see here: https://mobilefirstplatform.ibmcloud.com/blog/2016/02/16/ibm-mobilefirst-platform-foundation-responds-to-google-play-store-announcement-of-blocking-apps-using-vulnerable-cordova-versions/
In general:
Ensure that you are using the latest available Worklight/MobileFirst iFix and have the application re-built in order to use the patched Cordova.
See below for more information:
https://mobilefirstplatform.ibmcloud.com/blog/2016/02/24/cve-2015-5256-apache-cordova-vulnerable-to-improper-application-of-whitelist-restrictions-on-android/
https://developer.ibm.com/mobilefirstplatform/2015/12/11/cve-2015-5257cve-2015-8320-weak-randomization-of-bridgesecret-for-apache-cordova-android/
https://developer.ibm.com/mobilefirstplatform/2015/07/30/cve-2015-1835-remote-exploit-in-apache-cordova/
https://developer.ibm.com/mobilefirstplatform/2015/10/08/cve-2015-5204-http-header-injection-vulnerability-in-apache-cordova-android-file-transfer-plugin/

Cordova VS Phonegap plugins

Sorry if it's a stupid question but Google this time didn't help me.
I'm making my apps using cordova. I read that phone gap comes from cordova. I read also that now they are almost the same (if you open phone gap website it talks about cordova and gives cordova examples, so...).
Now my question is: in an app created with cordova, can I use a plugin for phonegap?
Example: just made work pushplugin for cordova (https://github.com/phonegap-build/PushPlugin). Now it says it's deprecated and to use phonegap-push-plugin (https://github.com/phonegap/phonegap-plugin-push) that is also completely different (and, if you're interested, already has problems with beta iOS 9).
So, if I have an app already made with cordova, can I add this new plugin?
Using phonegap plugin add phonegap-plugin-push or cordova plugin add phonegap-plugin-push?
Yes you can use latest push plugin in cordova by using cordova plugin add phonegap-plugin-push, if you have cordova verison >= 5.0 . Cordova and Phonegap both use same plugins almost.You can resolve your confusion about phongap and cordova from this http://phonegap.com/2012/03/19/phonegap-cordova-and-what%E2%80%99s-in-a-name/ ,but in short any plugin which is used in phonegap, can be used for cordova and vice versa. You can find different ids for same plugin like , for example for push plugin
phonegap-plugin-push and cordova-plugin-push-notification, but they both have same source code.
I am quoting a pargraph from post i mentioned :
PhoneGap is a distribution of Apache Cordova. You can think of Apache
Cordova as the engine that powers PhoneGap, similar to how WebKit is
the engine that powers Chrome or Safari.

implement creative sdk on cordova (ionic)

i would like to implement the creativesdk-image editor(old time aviary) in my cordova app.
the plugins i've found are 2 years old and won't run since the sdk that was used is not working anymore(there is a new sdk), the issue is that the new sdk which runs on android required gradle and in my cordova app i ca't use gradle, is there a way to create a plugin for cordova which takes all the compiled classes from a android studio compiled gradle sdk and use it on cordova plugin for android ? (i am new to cordova and android gradle)
Have you tried Angular Aviary SDK? This project is 3 months old in github and provides AngularJS integration through an ngAviary directive, like so:
<a href="#"
target='<selector>'
on-save-button-clicked='onSaveButtonClicked(id)'
on-save='onSave(id, newURL)'
ng-aviary> Edit photo </a>
Quick answer
Try using the new Image Editor UI PhoneGap plugin (Cordova compatible).
There is also a PhoneGap template for this plugin, provided as a reference sample.
More info
The Creative SDK team recently collaborated with PhoneGap to release plugins that are compatible with PhoneGap, Cordova, and Ionic.
There a details on the Creative SDK blog.
You can get a quick overview of everything on offer on the Creative SDK GitHub page's Plugins section.

building app in intel xdk: do you need to build for cordova to use cordova apis

I have just learned of intel xdk and i am going over how it works and what are steps to produce apps.. However, i am stuck at some place in understanding it. Can you clarify some stuff for me.
From what i understand:
Intel XDK by default provides apis that extend cordova apis. And therefore cordova apis are included in the intel xdk and if someone wants to use them they just include a script tag with src set as 'cordova.js'. So my question if i am using cordova api instead of intel xdk apis..( i don't know why would someone do this..when both are the same thing so why go an extra trouble of adding cordova script tag then reference etc.) then can i build it as android app and cordova apis will work? or i have to choose cordova android app to make use of cordova apis?
My guess is just choosing to build for android will allow me to use cordova api because this is a big step and it'd have been in docs..maybe it's!?!?!
Yes, you can build as "Android" app and cordova APIs will work as long as "cordova.js" script tag is included. It was mainly meant for building apps with intel.xdk APIs, Cordova 2.9 support was later added, Cordova plugins are not supported in this build.
"Cordova for Android" is in beta release, this is more like an actual Cordova app built using Cordova CLI, Cordova plugins will soon be supported, intel.xdk APIs are not supported. You have to include "cordova.js" script tag for Cordova APIs to work. This will become the default build for Android in future.

Categories

Resources