Saturday, 10 December 2016

Creating interfaces between Java script code and Client side Android code

When developing a web application that's designed specifically for the WebView in your Android application, you can create interfaces between your JavaScript code and client-side Android code. For example, your JavaScript code can call a method in your Android code to display a Dialog, instead of using JavaScript's alert() function.

Code below:
browser.addJavascriptInterface(new WebAppInterface(WebViewActivty.this), "Android");

Webview Public methods

addJavascriptInterface

void addJavascriptInterface (Object object, String name)
Injects the supplied Java object into this WebView. The object is injected into the JavaScript context of the main frame, using the supplied name. This allows the Java object's methods to be accessed from JavaScript. For applications targeted to API level JELLY_BEAN_MR1 and above, only public methods that are annotated with JavascriptInterface can be accessed from JavaScript. For applications targeted to API level JELLY_BEAN or below, all public methods (including the inherited ones) can be accessed, see the important security note below for implications.

IMPORTANT:

This method can be used to allow JavaScript to control the host application. This is a powerful feature, but also presents a security risk for apps targeting JELLY_BEAN or earlier. Apps that target a version later than JELLY_BEAN are still vulnerable if the app runs on a device running Android earlier than 4.2. The most secure way to use this method is to target JELLY_BEAN_MR1 and to ensure the method is called only when running on Android 4.2 or later. With these older versions, JavaScript could use reflection to access an injected object's public fields. Use of this method in a WebView containing untrusted content could allow an attacker to manipulate the host application in unintended ways, executing Java code with the permissions of the host application. Use extreme care when using this method in a WebView which could contain untrusted content.

JavaScript interacts with Java object on a private, background thread of this WebView. Care is therefore required to maintain thread safety.
The Java object's fields are not accessible.

For applications targeted to API level LOLLIPOP and above, methods of injected Java objects are enumerable from JavaScript.

<html>
<head>
<style>
body{
background-color: #5F9EA0;
color:#fff;
}
input{
background-color: #B0C4DE;
width: 300px;
padding:10px;
color: #000;
}
div#content{
padding:20px;
background-color: #B0C4DE;
color: #000;
}
</style>
</head>
<body>
<script src="./index.js"></script>
<center>
<h3>Binding JavaScript code to Android code</h3>
<div id="content">
When developing a web application that's designed specifically for the WebView in your Android application, you can create interfaces between your JavaScript code and client-side Android code. For example, your JavaScript code can call a method in your Android code to display a Dialog, instead of using JavaScript's alert() function.
</div>
<div style="font-weight:bold">
    <br/>Calling Android Method from Java Script:
</div>
<div><br/>




<input type="button" value="Make Toast" onClick="showAndroidToast('Toast made by Javascript :)')" /><br/>
<input type="button" value="Trigger Dialog" onClick="showAndroidDialog('This dialog is triggered by Javascript :)')" /><br/>
<input type="button" value="Take me to Next Screen" onClick="moveToScreenTwo()" />
</div>
</center>

</body>
</html>


To get Code Click Here









No comments:

Post a Comment