The whitelist is present on both iOS and Android, but not other platforms yet.
Under iOS, it goes under the name of “External Hosts,” which is explained here: http://wiki.phonegap.com/w/page/41631150/PhoneGap%20for%20iOS%20FAQ
Q. Links to and imported files from external hosts don't load? A. The latest code has the new white-list feature. If you are referencing external hosts, you will have to add the host in PhoneGap.plist under the "ExternalHosts" key. Wildcards are ok. So if you are connecting to "http://phonegap.com", you have to add "phonegap.com" to the list (or use the wildcard "*.phonegap.com" which will match subdomains as well).
<key>ExternalHosts</key> <array> <string>*</string> </array>
For Android, the feature is currently undocumented and somewhat buggy, although undergoing fixes. This thread holds some good troubleshooting details: https://groups.google.com/forum/#!topic/phonegap/9NZ4J4l1I-s
In a nutshell, it is the ‘access’ attribute in xml/phonegap.xml. It uses perl-style regex
To allow all domains (debugging): <access origin=".*"/>
Soon, this may be change to the following syntax:
<access origin="https://example.com" subdomains="true" />
Whitelist on BlackBerry is provided as part of the WebWorks framework
and is configured via config.xml:
The sample project allows access to all URL via the “*” wild card.