Java Code Examples for android.webkit.WebView#removeJavascriptInterface()

The following examples show how to use android.webkit.WebView#removeJavascriptInterface() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: WXEmbed.java    From ucar-weex-core with Apache License 2.0 7 votes vote down vote up 
@SuppressLint("SetJavaScriptEnabled")
@Override
public void onException(NestedContainer comp, String errCode, String msg) {
  //downgrade embed
  if( errCode != null && comp instanceof WXEmbed && errCode.startsWith("1|")) {
    ViewGroup container = comp.getViewContainer();
    WebView webView = new WebView(container.getContext());
    ViewGroup.LayoutParams params = new ViewGroup.LayoutParams(ViewGroup.LayoutParams.MATCH_PARENT, ViewGroup.LayoutParams.MATCH_PARENT);
    webView.setLayoutParams(params);
    webView.getSettings().setJavaScriptEnabled(true);

    //WebView Remote Code Execution Vulnerability
    webView.removeJavascriptInterface("searchBoxJavaBridge_");
    webView.removeJavascriptInterface("accessibility");
    webView.removeJavascriptInterface("accessibilityTraversal");
    webView.getSettings().setSavePassword(false);

    container.removeAllViews();
    container.addView(webView);
    webView.loadUrl(((WXEmbed) comp).src);
  }else{
    super.onException(comp,errCode,msg);
  }
}
Example 2
Source File: WXEmbed.java    From weex-uikit with MIT License 6 votes vote down vote up 
@SuppressLint("SetJavaScriptEnabled")
@Override
public void onException(NestedContainer comp, String errCode, String msg) {
  //downgrade embed
  if( errCode != null && comp instanceof WXEmbed && errCode.startsWith("1|")) {
    ViewGroup container = comp.getViewContainer();
    WebView webView = new WebView(container.getContext());
    ViewGroup.LayoutParams params = new ViewGroup.LayoutParams(ViewGroup.LayoutParams.MATCH_PARENT, ViewGroup.LayoutParams.MATCH_PARENT);
    webView.setLayoutParams(params);
    webView.getSettings().setJavaScriptEnabled(true);

    //WebView Remote Code Execution Vulnerability
    webView.removeJavascriptInterface("searchBoxJavaBridge_");
    webView.removeJavascriptInterface("accessibility");
    webView.removeJavascriptInterface("accessibilityTraversal");
    webView.getSettings().setSavePassword(false);

    container.removeAllViews();
    container.addView(webView);
    webView.loadUrl(((WXEmbed) comp).src);
  }else{
    super.onException(comp,errCode,msg);
  }
}
Example 3
Source File: PopWebViewSecurity.java    From PoupoLayer with MIT License 5 votes vote down vote up 
@TargetApi(11)
public static final void removeJavascriptInterfaces(WebView webView) {
    try {
        if (Build.VERSION.SDK_INT >= 11 && Build.VERSION.SDK_INT < 17) {
            webView.removeJavascriptInterface("searchBoxJavaBridge_");
            webView.removeJavascriptInterface("accessibility");
            webView.removeJavascriptInterface("accessibilityTraversal");
        }
    } catch (Throwable tr) {
        tr.printStackTrace();
    }
}
Example 4
Source File: WebViewActivity.java    From YCAudioPlayer with Apache License 2.0 5 votes vote down vote up 
/**
 * 例如,该案例中链接来于喜马拉雅,支付宝,购物网站等等,就需要注意程序漏洞
 * 如果启用了JavaScript,务必做好安全措施,防止远程执行漏洞
 *
 * @param webView webView控件
 */
@SuppressLint("ObsoleteSdkInt")
@TargetApi(11)      //支持api11以上
private void removeJavascriptInterfaces(WebView webView) {
    try {
        if (Build.VERSION.SDK_INT >= 11 && Build.VERSION.SDK_INT < 17) {
            webView.removeJavascriptInterface("searchBoxJavaBridge_");
            webView.removeJavascriptInterface("accessibility");
            webView.removeJavascriptInterface("accessibilityTraversal");
        }
    } catch (Throwable tr) {
        tr.printStackTrace();
    }
}
Example 5
Source File: WebViewJavascriptActivity.java    From AndroidQuick with MIT License 5 votes vote down vote up 
@TargetApi(11)
public void release() {
    if (webViewHolder != null) {
        WebView webView = webViewHolder.get();
        if (webView != null) {
            if (Build.VERSION.SDK_INT > Build.VERSION_CODES.HONEYCOMB) {
                webView.removeJavascriptInterface("AndroidJSInterfaceV2");
            }
        }
    }
}
Example 6
Source File: WebSecurityLogicImpl.java    From AgentWeb with Apache License 2.0 5 votes vote down vote up 
@TargetApi(Build.VERSION_CODES.HONEYCOMB)
@Override
public void dealHoneyComb(WebView view) {
    if (Build.VERSION_CODES.HONEYCOMB > Build.VERSION.SDK_INT || Build.VERSION.SDK_INT > Build.VERSION_CODES.JELLY_BEAN_MR1) {
        return;
    }
    view.removeJavascriptInterface("searchBoxJavaBridge_");
    view.removeJavascriptInterface("accessibility");
    view.removeJavascriptInterface("accessibilityTraversal");
}
Example 7
Source File: PowerfulWebView.java    From ProjectX with Apache License 2.0 4 votes vote down vote up 
private void onRemove(WebView view) {
    view.removeJavascriptInterface(mName);
}