Skip to content

Commit 1c7bacf

Browse files
jakeboone02jakeboone02
committed
Added allowCrossDomainPages documentation to Configuring Defaults page
1 parent afb18ea commit 1c7bacf

File tree

1 file changed

+3
-1
lines changed

1 file changed

+3
-1
lines changed

docs/api/globalconfig.html

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -92,13 +92,15 @@ <h2>Configurable options</h2>
9292
<dt><code>activePageClass</code> <em>string</em>, default: "ui-page-active"</dt>
9393
<dd>The class assigned to page currently in view, and during transitions</dd>
9494

95-
9695
<dt><code>activeBtnClass</code> <em>string</em>, default: "ui-btn-active"</dt>
9796
<dd>The class used for "active" button state, from CSS framework.</dd>
9897

9998
<dt><code>ajaxEnabled</code> <em>boolean</em>, default: true</dt>
10099
<dd>jQuery Mobile will automatically handle link clicks and form submissions through Ajax, when possible. If false, url hash listening will be disabled as well, and urls will load as regular http requests.</dd>
101100

101+
<dt><code>allowCrossDomainPages</code> <em>boolean</em>, default: false</dt>
102+
<dd>When jQuery Mobile attempts to load an external page, the request runs through <code>$.mobile.loadPage()</code>. This will only allow cross-domain requests if <code>$.mobile.allowCrossDomainPages</code> is set to true. Because the jQuery Mobile framework tracks what page is being viewed within the browser's location hash, it is possible for a cross-site scripting (XSS) attack to occur if the XSS code in question can manipulate the hash and set it to a cross-domain URL of its choice. This is the main reason that the default setting for $.mobile.allowCrossDomainPages is set to false. In PhoneGap apps that must "phone home" by loading assets off a remote server, both the <code>$.support.cors</code> AND <code>$.mobile.allowCrossDomainPages</code> must be set to true.</dd>
103+
102104
<dt><code>linkBindingEnabled</code> <em>boolean</em>, default: true</dt>
103105
<dd>jQuery Mobile will automatically bind the clicks on anchor tags in your document. Setting this options to false will prevent all anchor click handling <em>including</em> the addition of active button state and alternate link bluring. This should only be used when attempting to delegate the click management to another library or custom code.</dd>
104106

0 commit comments

Comments
 (0)