From 8804004f7cb57e6149ec75d6bb9badd0f22ecb6b Mon Sep 17 00:00:00 2001
From: "Jay Freeman (saurik)" <saurik@saurik.com>
Date: Fri, 25 Feb 2011 11:37:57 -0800
Subject: Restrict the cydia JS object to HTTPS.

---
 MobileCydia.mm | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/MobileCydia.mm b/MobileCydia.mm
index f24459b..1c700e5 100644
--- a/MobileCydia.mm
+++ b/MobileCydia.mm
@@ -4572,7 +4572,8 @@ static NSString *Warning_;
     NSURLResponse *response([source response]);
 
     NSURL *url([response URL]);
-    //NSString *scheme([url scheme]);
+
+    NSString *scheme([[url scheme] lowercaseString]);
     NSString *host([url host]);
 
     if ([response isKindOfClass:[NSHTTPURLResponse class]]) {
@@ -4581,8 +4582,9 @@ static NSString *Warning_;
         [self setHeaders:headers forHost:host];
     }
 
-    if ([CydiaHosts_ containsObject:host])
-        [window setValue:cydia_ forKey:@"cydia"];
+    if ([scheme isEqualToString:@"https"])
+        if ([CydiaHosts_ containsObject:host])
+            [window setValue:cydia_ forKey:@"cydia"];
 }
 
 - (NSURLRequest *) webView:(WebView *)view resource:(id)resource willSendRequest:(NSURLRequest *)request redirectResponse:(NSURLResponse *)response fromDataSource:(WebDataSource *)source {
-- 
cgit v1.2.3