apache
diff --git a/‎.github/workflows/ci.yml
+20-6 b/‎.github/workflows/ci.yml
+20-6
diff --git a/‎framework/src/org/apache/cordova/CordovaActivity.java
+5 b/‎framework/src/org/apache/cordova/CordovaActivity.java
+5
diff --git a/‎framework/src/org/apache/cordova/CordovaClientCertRequest.java
+7 b/‎framework/src/org/apache/cordova/CordovaClientCertRequest.java
+7
diff --git a/‎framework/src/org/apache/cordova/CordovaDialogsHelper.java
+9 b/‎framework/src/org/apache/cordova/CordovaDialogsHelper.java
+9
diff --git a/‎framework/src/org/apache/cordova/CordovaHttpAuthHandler.java
+2 b/‎framework/src/org/apache/cordova/CordovaHttpAuthHandler.java
+2
diff --git a/‎framework/src/org/apache/cordova/CordovaInterfaceImpl.java
+4-1 b/‎framework/src/org/apache/cordova/CordovaInterfaceImpl.java
+4-1
diff --git a/‎framework/src/org/apache/cordova/CordovaWebViewImpl.java
+5 b/‎framework/src/org/apache/cordova/CordovaWebViewImpl.java
+5
diff --git a/‎framework/src/org/apache/cordova/CoreAndroid.java
+6 b/‎framework/src/org/apache/cordova/CoreAndroid.java
+6
diff --git a/‎framework/src/org/apache/cordova/NativeToJsMessageQueue.java
+4 b/‎framework/src/org/apache/cordova/NativeToJsMessageQueue.java
+4
diff --git a/‎framework/src/org/apache/cordova/engine/SystemCookieManager.java
+5 b/‎framework/src/org/apache/cordova/engine/SystemCookieManager.java
+5
@@ -31,15 +31,12 @@ jobs:
         os: [ubuntu-latest, windows-latest, macos-latest]
 
     steps:
-      - uses: actions/checkout@v3
-
-      - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v3
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
         with:
           node-version: ${{ matrix.node-version }}
 
-      - name: set up JDK 11
-        uses: actions/setup-java@v3
+      - uses: actions/setup-java@v4
         with:
           distribution: 'temurin'
           java-version: '11'
@@ -50,13 +47,30 @@ jobs:
           npm --version
           gradle --version
 
+      # "bin/templates/platform_www/cordova.js" is ignored because it is a generated file.
+      # It contains mixed content from the npm package "cordova-js" and "./cordova-js-src".
+      # The report might not be resolvable because of the external package.
+      # If the report is related to this repository, it would be detected when scanning "./cordova-js-src".
+      - uses: github/codeql-action/init@v3
+        with:
+          languages: javascript, java-kotlin
+          queries: security-and-quality
+          config: |
+            paths-ignore:
+              - coverage
+              - node_modules
+              - templates/project/assets/www/cordova.js
+              - test/androidx/app/src/main/assets/www/cordova.js
+
       - name: npm install and test
         run: |
           npm i
           npm t
         env:
           CI: true
 
+      - uses: github/codeql-action/analyze@v3
+
       - uses: codecov/codecov-action@v4
         if: success()
         with:
 
@@ -391,6 +391,7 @@ public void onReceivedError(final int errorCode, final String description, final
         if ((errorUrl != null) && (!failingUrl.equals(errorUrl)) && (appView != null)) {
             // Load URL on UI thread
             me.runOnUiThread(new Runnable() {
+                @Override
                 public void run() {
                     me.appView.showWebPage(errorUrl, false, true, null);
                 }
@@ -400,6 +401,7 @@ public void run() {
         else {
             final boolean exit = !(errorCode == WebViewClient.ERROR_HOST_LOOKUP);
             me.runOnUiThread(new Runnable() {
+                @Override
                 public void run() {
                     if (exit) {
                         me.appView.getView().setVisibility(View.GONE);
@@ -416,6 +418,7 @@ public void run() {
     public void displayError(final String title, final String message, final String button, final boolean exit) {
         final CordovaActivity me = this;
         me.runOnUiThread(new Runnable() {
+            @Override
             public void run() {
                 try {
                     AlertDialog.Builder dlg = new AlertDialog.Builder(me);
@@ -424,6 +427,7 @@ public void run() {
                     dlg.setCancelable(false);
                     dlg.setPositiveButton(button,
                             new AlertDialog.OnClickListener() {
+                                @Override
                                 public void onClick(DialogInterface dialog, int which) {
                                     dialog.dismiss();
                                     if (exit) {
@@ -488,6 +492,7 @@ public Object onMessage(String id, Object data) {
         return null;
     }
 
+    @Override
     protected void onSaveInstanceState(Bundle outState) {
         cordovaInterface.onSaveInstanceState(outState);
         super.onSaveInstanceState(outState);
 
@@ -41,6 +41,7 @@ public CordovaClientCertRequest(ClientCertRequest request) {
      * Cancel this request
      */
     @SuppressLint("NewApi")
+    @Override
     public void cancel()
     {
         request.cancel();
@@ -50,6 +51,7 @@ public void cancel()
      * Returns the host name of the server requesting the certificate.
      */
     @SuppressLint("NewApi")
+    @Override
     public String getHost()
     {
         return request.getHost();
@@ -59,6 +61,7 @@ public String getHost()
      * Returns the acceptable types of asymmetric keys (can be null).
      */
     @SuppressLint("NewApi")
+    @Override
     public String[] getKeyTypes()
     {
         return request.getKeyTypes();
@@ -68,6 +71,7 @@ public String[] getKeyTypes()
      * Returns the port number of the server requesting the certificate.
      */
     @SuppressLint("NewApi")
+    @Override
     public int getPort()
     {
         return request.getPort();
@@ -77,6 +81,7 @@ public int getPort()
      * Returns the acceptable certificate issuers for the certificate matching the private key (can be null).
      */
     @SuppressLint("NewApi")
+    @Override
     public Principal[] getPrincipals()
     {
         return request.getPrincipals();
@@ -86,6 +91,7 @@ public Principal[] getPrincipals()
      * Ignore the request for now. Do not remember user's choice.
      */
     @SuppressLint("NewApi")
+    @Override
     public void ignore()
     {
         request.ignore();
@@ -98,6 +104,7 @@ public void ignore()
      * @param chain The certificate chain
      */
     @SuppressLint("NewApi")
+    @Override
     public void proceed(PrivateKey privateKey, X509Certificate[] chain)
     {
         request.proceed(privateKey, chain);
 
@@ -43,18 +43,21 @@ public void showAlert(String message, final Result result) {
         dlg.setCancelable(true);
         dlg.setPositiveButton(android.R.string.ok,
                 new AlertDialog.OnClickListener() {
+                    @Override
                     public void onClick(DialogInterface dialog, int which) {
                         result.gotResult(true, null);
                     }
                 });
         dlg.setOnCancelListener(
                 new DialogInterface.OnCancelListener() {
+                    @Override
                     public void onCancel(DialogInterface dialog) {
                         result.gotResult(false, null);
                     }
                 });
         dlg.setOnKeyListener(new DialogInterface.OnKeyListener() {
             //DO NOTHING
+            @Override
             public boolean onKey(DialogInterface dialog, int keyCode, KeyEvent event) {
                 if (keyCode == KeyEvent.KEYCODE_BACK)
                 {
@@ -75,24 +78,28 @@ public void showConfirm(String message, final Result result) {
         dlg.setCancelable(true);
         dlg.setPositiveButton(android.R.string.ok,
                 new DialogInterface.OnClickListener() {
+                    @Override
                     public void onClick(DialogInterface dialog, int which) {
                         result.gotResult(true, null);
                     }
                 });
         dlg.setNegativeButton(android.R.string.cancel,
                 new DialogInterface.OnClickListener() {
+                    @Override
                     public void onClick(DialogInterface dialog, int which) {
                         result.gotResult(false, null);
                     }
                 });
         dlg.setOnCancelListener(
                 new DialogInterface.OnCancelListener() {
+                    @Override
                     public void onCancel(DialogInterface dialog) {
                         result.gotResult(false, null);
                     }
                 });
         dlg.setOnKeyListener(new DialogInterface.OnKeyListener() {
             //DO NOTHING
+            @Override
             public boolean onKey(DialogInterface dialog, int keyCode, KeyEvent event) {
                 if (keyCode == KeyEvent.KEYCODE_BACK)
                 {
@@ -126,13 +133,15 @@ public void showPrompt(String message, String defaultValue, final Result result)
         dlg.setCancelable(false);
         dlg.setPositiveButton(android.R.string.ok,
                 new DialogInterface.OnClickListener() {
+                    @Override
                     public void onClick(DialogInterface dialog, int which) {
                         String userText = input.getText().toString();
                         result.gotResult(true, userText);
                     }
                 });
         dlg.setNegativeButton(android.R.string.cancel,
                 new DialogInterface.OnClickListener() {
+                    @Override
                     public void onClick(DialogInterface dialog, int which) {
                         result.gotResult(false, null);
                     }
 
@@ -35,6 +35,7 @@ public CordovaHttpAuthHandler(HttpAuthHandler handler) {
     /**
      * Instructs the WebView to cancel the authentication request.
      */
+    @Override
     public void cancel () {
         this.handler.cancel();
     }
@@ -45,6 +46,7 @@ public void cancel () {
      * @param username
      * @param password
      */
+    @Override
     public void proceed (String username, String password) {
         this.handler.proceed(username, password);
     }
 
@@ -223,18 +223,21 @@ public void onRequestPermissionResult(int requestCode, String[] permissions,
         }
     }
 
+    @Override
     public void requestPermission(CordovaPlugin plugin, int requestCode, String permission) {
         String[] permissions = new String [1];
         permissions[0] = permission;
         requestPermissions(plugin, requestCode, permissions);
     }
 
-        @SuppressLint("NewApi")
+    @SuppressLint("NewApi")
+    @Override
     public void requestPermissions(CordovaPlugin plugin, int requestCode, String [] permissions) {
         int mappedRequestCode = permissionResultCallbacks.registerCallback(plugin, requestCode);
         getActivity().requestPermissions(permissions, mappedRequestCode);
     }
 
+    @Override
     public boolean hasPermission(String permission)
     {
         return PackageManager.PERMISSION_GRANTED == activity.checkSelfPermission(permission);
 
@@ -149,6 +149,7 @@ public void loadUrlIntoView(final String url, boolean recreatePlugins) {
 
         // Timeout error method
         final Runnable loadError = new Runnable() {
+            @Override
             public void run() {
                 stopLoading();
                 LOG.e(TAG, "CordovaWebView: TIMEOUT ERROR!");
@@ -168,6 +169,7 @@ public void run() {
 
         // Timeout timer method
         final Runnable timeoutCheck = new Runnable() {
+            @Override
             public void run() {
                 try {
                     synchronized (this) {
@@ -189,6 +191,7 @@ public void run() {
         if (cordova.getActivity() != null) {
             final boolean _recreatePlugins = recreatePlugins;
             cordova.getActivity().runOnUiThread(new Runnable() {
+                @Override
                 public void run() {
                     if (loadUrlTimeoutValue > 0) {
                         cordova.getThreadPool().execute(timeoutCheck);
@@ -579,11 +582,13 @@ public void onPageFinishedLoading(String url) {
             // Make app visible after 2 sec in case there was a JS error and Cordova JS never initialized correctly
             if (engine.getView().getVisibility() != View.VISIBLE) {
                 Thread t = new Thread(new Runnable() {
+                    @Override
                     public void run() {
                         try {
                             Thread.sleep(2000);
                             if (cordova.getActivity() != null) {
                                 cordova.getActivity().runOnUiThread(new Runnable() {
+                                    @Override
                                     public void run() {
                                         pluginManager.postMessage("spinner", "stop");
                                     }
 
@@ -73,6 +73,7 @@ public void pluginInitialize() {
      * @param callbackContext   The callback context from which we were invoked.
      * @return                  A PluginResult object with a status and message.
      */
+    @Override
     public boolean execute(String action, JSONArray args, CallbackContext callbackContext) throws JSONException {
         PluginResult.Status status = PluginResult.Status.OK;
         String result = "";
@@ -86,6 +87,7 @@ else if (action.equals("show")) {
                 // I recommend we change the name of the Message as spinner/stop is not
                 // indicative of what this actually does (shows the webview).
                 cordova.getActivity().runOnUiThread(new Runnable() {
+                    @Override
                     public void run() {
                         webView.getPluginManager().postMessage("spinner", "stop");
                     }
@@ -144,6 +146,7 @@ else if (action.equals("messageChannel")) {
      */
     public void clearCache() {
         cordova.getActivity().runOnUiThread(new Runnable() {
+            @Override
             public void run() {
                 webView.clearCache();
             }
@@ -215,6 +218,7 @@ else if (value.getClass().equals(Integer.class)) {
      */
     public void clearHistory() {
         cordova.getActivity().runOnUiThread(new Runnable() {
+            @Override
             public void run() {
                 webView.clearHistory();
             }
@@ -227,6 +231,7 @@ public void run() {
      */
     public void backHistory() {
         cordova.getActivity().runOnUiThread(new Runnable() {
+            @Override
             public void run() {
                 webView.backHistory();
             }
@@ -353,6 +358,7 @@ private void sendEventMessage(PluginResult payload) {
      * Unregister the receiver
      *
      */
+    @Override
     public void onDestroy()
     {
         webView.getContext().unregisterReceiver(this.telephonyReceiver);
 
@@ -302,6 +302,7 @@ public LoadUrlBridgeMode(CordovaWebViewEngine engine, CordovaInterface cordova)
         @Override
         public void onNativeToJsMessageAvailable(final NativeToJsMessageQueue queue) {
             cordova.getActivity().runOnUiThread(new Runnable() {
+                @Override
                 public void run() {
                     String js = queue.popAndEncodeAsJs();
                     if (js != null) {
@@ -330,6 +331,7 @@ public OnlineEventsBridgeMode(OnlineEventsBridgeModeDelegate delegate) {
         @Override
         public void reset() {
             delegate.runOnUiThread(new Runnable() {
+                @Override
                 public void run() {
                     online = false;
                     // If the following call triggers a notifyOfFlush, then ignore it.
@@ -342,6 +344,7 @@ public void run() {
         @Override
         public void onNativeToJsMessageAvailable(final NativeToJsMessageQueue queue) {
             delegate.runOnUiThread(new Runnable() {
+                @Override
                 public void run() {
                     if (!queue.isEmpty()) {
                         ignoreNextFlush = false;
@@ -372,6 +375,7 @@ public EvalBridgeMode(CordovaWebViewEngine engine, CordovaInterface cordova) {
         @Override
         public void onNativeToJsMessageAvailable(final NativeToJsMessageQueue queue) {
             cordova.getActivity().runOnUiThread(new Runnable() {
+                @Override
                 public void run() {
                     String js = queue.popAndEncodeAsJs();
                     if (js != null) {
 
@@ -41,22 +41,27 @@ public void setAcceptFileSchemeCookies() {
         cookieManager.setAcceptFileSchemeCookies(true);
     }
 
+    @Override
     public void setCookiesEnabled(boolean accept) {
         cookieManager.setAcceptCookie(accept);
     }
 
+    @Override
     public void setCookie(final String url, final String value) {
         cookieManager.setCookie(url, value);
     }
 
+    @Override
     public String getCookie(final String url) {
         return cookieManager.getCookie(url);
     }
 
+    @Override
     public void clearCookies() {
         cookieManager.removeAllCookies(null);
     }
 
+    @Override
     public void flush() {
         cookieManager.flush();
     }
Original file line number	Diff line number	Diff line change
`@@ -223,18 +223,21 @@ public void onRequestPermissionResult(int requestCode, String[] permissions,`
`223`	`223`	`}`
`224`	`224`	`}`
`225`	`225`
	`226`	`+ @Override`
`226`	`227`	`public void requestPermission(CordovaPlugin plugin, int requestCode, String permission) {`
`227`	`228`	`String[] permissions = new String [1];`
`228`	`229`	`permissions[0] = permission;`
`229`	`230`	`requestPermissions(plugin, requestCode, permissions);`
`230`	`231`	`}`
`231`	`232`
`232`		`- @SuppressLint("NewApi")`
	`233`	`+ @SuppressLint("NewApi")`
	`234`	`+ @Override`
`233`	`235`	`public void requestPermissions(CordovaPlugin plugin, int requestCode, String [] permissions) {`
`234`	`236`	`int mappedRequestCode = permissionResultCallbacks.registerCallback(plugin, requestCode);`
`235`	`237`	`getActivity().requestPermissions(permissions, mappedRequestCode);`
`236`	`238`	`}`
`237`	`239`
	`240`	`+ @Override`
`238`	`241`	`public boolean hasPermission(String permission)`
`239`	`242`	`{`
`240`	`243`	`return PackageManager.PERMISSION_GRANTED == activity.checkSelfPermission(permission);`
Original file line number	Diff line number	Diff line change
`@@ -41,22 +41,27 @@ public void setAcceptFileSchemeCookies() {`
`41`	`41`	`cookieManager.setAcceptFileSchemeCookies(true);`
`42`	`42`	`}`
`43`	`43`
	`44`	`+ @Override`
`44`	`45`	`public void setCookiesEnabled(boolean accept) {`
`45`	`46`	`cookieManager.setAcceptCookie(accept);`
`46`	`47`	`}`
`47`	`48`
	`49`	`+ @Override`
`48`	`50`	`public void setCookie(final String url, final String value) {`
`49`	`51`	`cookieManager.setCookie(url, value);`
`50`	`52`	`}`
`51`	`53`
	`54`	`+ @Override`
`52`	`55`	`public String getCookie(final String url) {`
`53`	`56`	`return cookieManager.getCookie(url);`
`54`	`57`	`}`
`55`	`58`
	`59`	`+ @Override`
`56`	`60`	`public void clearCookies() {`
`57`	`61`	`cookieManager.removeAllCookies(null);`
`58`	`62`	`}`
`59`	`63`
	`64`	`+ @Override`
`60`	`65`	`public void flush() {`
`61`	`66`	`cookieManager.flush();`
`62`	`67`	`}`