WebView中的JsBridge(Hybrid),WebViewClient和WebChromeClient及安全漏洞
2017-07-05 14:51
459 查看
WebView形象的理解上述流程从一个loadUrl来看,详细流程如下:
Browser.loadUrl ------> WebView.loadUrl -------> WebViewChromium.loadUrl --------> AwContents.loadUrl ------> ContentViewCore.loadUrl
> JsBridge
WebView中的网页进行交互,点击网页通过接口进行原生处理,
Android 各个版本WebView- http://blog.csdn.NET/typename/article/details/40425275
JsBridge基于https://github.com/lzyzsd/JsBridge 优化改进而来的Android JsBridge-https://github.com/hjhrq1991/JsBridge
JSBridge框架,JS和native通信的桥梁- https://github.com/firewolf-ljw/WebViewJSBridge
webview实现h5视频全屏播放兼容Android7.0,自己添加webview库兼容全部版本-http://blog.csdn.net/insist_hui/article/details/58172859 https://github.com/lshAndroid/WebviewTBS/tree/master
JsBridge实现Js与Java的互相调用- https://github.com/lzyzsd/JsBridge WebViewJavascriptBridge框架- https://github.com/marcuswestin/WebViewJavascriptBridge
Android4.2下 WebView的addJavascriptInterface漏洞解决方案(@JavascriptInterface)- http://blog.csdn.net/zhouyongyang621/article/details/47000041
> 拦截网络URL请求
webview拦截请求- http://blog.csdn.net/knxw0001/article/details/10903055
Android 拦截WebView加载URL,控制其加载CSS、JS资源- http://blog.csdn.net/lyhhj/article/details/49517537
Android中WebView拦截js请求- http://blog.csdn.net/wang8651971/article/details/45584117
> WebView中WebViewClient和WebChromeClient区别与联系
WebViewClient用于帮助WebView处理各种通知和请求事件;
而WebChromeClient更丰富一些,帮助WebView处理Javascript各类对话框、弹窗等等。
Hybrid App知识点收集- http://blog.csdn.net/qq_27429143/article/details/78916163
1.拦截JS对话框 WebView.setWebChromeClient(new WebChromeClient(){});
2. WebView拦截某一个链接不执行此链接或拦截URL或拦截H5页面点击之后的URL
Android webView拦截url- http://blog.csdn.net/u010694658/article/details/52388287
// 此回调是拦截点击要跳转的url链接,并对请求的url链接做修改(添加删除字段)
public WebResourceResponse shouldInterceptRequest(WebView view, String url)
// 在点击请求的是链接是才会调用,重写此方法返回true表明点击网页里面的链接还是在当前的webview里跳转,不跳到浏览器那边。这个函数我们可以做很多操作,比如我们读取到某些特殊的URL,于是就可以不打开地址,取消这个操作,进行预先定义的其他操作,这对一个程序是非常必要的。
public boolean shouldOverrideUrlLoading(WebView view, String url)
1.WebViewClient比较基础的方法,帮助WebView处理各种通知和请求事件;
//处理webView的按键事件
boolean shouldOverrideKeyEvent(WebView view, KeyEvent event)
//截取url请求,在当前视图加载,避免在跳转到自带浏览器
boolean shouldOverrideUrlLoading(WebView view, String url)
//WebView改变时调用
void onScaleChanged(WebView view, float oldScale, float newScale)
//对https的请求处理
void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error)
//获取返回信息授权
void onReceivedHttpAuthRequest(WebView view, HttpAuthHandler handler, String host, String realm)
//处理报错信息(API23以后用第二个)
void onReceivedError(WebView view, int errorCode, String description, String failingUrl)
void onReceivedError(WebView view, WebResourceRequest request, WebResourceError error)
//页面开始载入时调用
void onPageStarted(WebView view, String url, Bitmap favicon)
//页面载入结束时调用
void onPageFinished(WebView view, String url)
//加载资源时调用
void onLoadResource(WebView view, String url)
webView.setJavaScriptEnabled(true)影响Activity的生命周期
//Agent设置
// WebSettings webSettings = wvPagePV.getSettings();
// wvPagePV.getSettings().setJavaScriptEnabled(true); // 支持js互调,影响Activity的生命周期
wvPagePV.getSettings().setUserAgentString(wvPagePV.getSettings().getUserAgentString() + "/netwin/" + MyUtils.getVersionName(mContext));
wvPagePV.loadUrl(newsDetail.newsUrl);
2.WebChromeClient比较基础的方法,帮助WebView处理Javascript各类对话框、弹窗等//webview关闭时调用void onCloseWindow(WebView window)//Js的弹窗boolean onJsAlert(WebView view, String url, String message, JsResult result)//Js提示框boolean onJsPrompt(WebView
view, String url, String message, String defaultValue, JsPromptResult result)//Js确认框boolean onJsConfirm(WebView view, String url, String message, JsResult result)//加载进度void onProgressChanged(WebView view, int newProgress)//全屏模式(API18以后用第二种)onShowCustomView(View
view, WebChromeClient.CustomViewCallback callback)
onShowCustomView(View view, int requestedOrientation, WebChromeClient.CustomViewCallback callback)
3. 未开放的重写方法,比如如下:
// For Android 3.0+
public void openFileChooser(ValueCallback<Uri> uploadMsg) {...}
// For Android 3.0+
public void openFileChooser(ValueCallback uploadMsg, String acceptType) {...}
// For Android 4.1
public void openFileChooser(ValueCallback<Uri> uploadMsg, String acceptType, String capture) {...}
// For Android 5.0+
public boolean onShowFileChooser (WebView webView, ValueCallback<Uri[]> filePathCallback,
WebChromeClient.FileChooserParams fileChooserParams) {
return true;
}
4. webView的安全漏洞
webView常见漏洞以及解决方法- http://blog.csdn.net/fulai00/article/details/52921779
Android4.2下 WebView的addJavascriptInterface漏洞解决方案- http://blog.csdn.net/zhouyongyang621/article/details/47000041
JS与WebView交互存在的一些问题- http://www.jianshu.com/p/93cea79a2443
在Android系统4.3.1~3.0版本,系统webview默认添加了searchBoxJavaBridge_接口,如果未移除该接口可能导致低版本Android系统远程命令执行漏洞;
修复建议:判断系统版本,显式调用removeJavascriptInterface方法移除searchBoxJavaBridge_接口;
// 在Android系统4.3.1~3.0版本,系统webview默认添加了searchBoxJavaBridge_接口,如果未移除该接口可能导致低版本Android系统远程命令执行漏洞
//如果真的需要没有这些漏洞的话,你可以尝试用腾讯的X5内核,和WebView用法一样。
removeJavascriptInterface("searchBoxJavaBridge_");
removeJavascriptInterface("accessibility") ;
removeJavascriptInterface("accessibilityTraversal");
if(Build.VERSION.SDK_INT == 18)
mWebView.removeJavascriptInterface("searchBoxJavaBridge_");
if (Build.VERSION.SDK_INT >= 11 && Build.VERSION.SDK_INT < 17) {
try {
webView.removeJavascriptInterface("searchBoxJavaBridge_");
webView.removeJavascriptInterface("accessibility");
webView.removeJavascriptInterface("accessibilityTraversal");
} catch (Throwable tr) {
tr.printStackTrace();
}
}
Browser.loadUrl ------> WebView.loadUrl -------> WebViewChromium.loadUrl --------> AwContents.loadUrl ------> ContentViewCore.loadUrl
> JsBridge
WebView中的网页进行交互,点击网页通过接口进行原生处理,
Android 各个版本WebView- http://blog.csdn.NET/typename/article/details/40425275
JsBridge基于https://github.com/lzyzsd/JsBridge 优化改进而来的Android JsBridge-https://github.com/hjhrq1991/JsBridge
JSBridge框架,JS和native通信的桥梁- https://github.com/firewolf-ljw/WebViewJSBridge
webview实现h5视频全屏播放兼容Android7.0,自己添加webview库兼容全部版本-http://blog.csdn.net/insist_hui/article/details/58172859 https://github.com/lshAndroid/WebviewTBS/tree/master
JsBridge实现Js与Java的互相调用- https://github.com/lzyzsd/JsBridge WebViewJavascriptBridge框架- https://github.com/marcuswestin/WebViewJavascriptBridge
Android4.2下 WebView的addJavascriptInterface漏洞解决方案(@JavascriptInterface)- http://blog.csdn.net/zhouyongyang621/article/details/47000041
> 拦截网络URL请求
webview拦截请求- http://blog.csdn.net/knxw0001/article/details/10903055
Android 拦截WebView加载URL,控制其加载CSS、JS资源- http://blog.csdn.net/lyhhj/article/details/49517537
Android中WebView拦截js请求- http://blog.csdn.net/wang8651971/article/details/45584117
@Override public boolean shouldOverrideUrlLoading(WebView view, String url) { if (url.startsWith(kCustomProtocolScheme)) { if (url.indexOf(kQueueHasMessage) > 0) { flushMessageQueue(); } return true; } return super.shouldOverrideUrlLoading(view, url); } @Override public WebResourceResponse shouldInterceptRequest(WebView view, String url) { //TODO String fileName = null; WebResourceResponse response = null; if (url.contains("logo")) { try { InputStream localCopy = NyApplication.getInstance().getAssets().open("droidyue.png"); response = new WebResourceResponse("image/png", "UTF-8", localCopy); } catch (IOException e) { e.printStackTrace(); } } if(url.contains("/base.css")){ LogUtil.e(",WVJBWebViewClient,shouldOverrideUrlLoading()","url="+url); // webView.loadUrl("file:///android_asset/pages/css/base.css"); }else if(url.contains("/netyun/css/textitem.css")){ LogUtil.e(",WVJBWebViewClient,shouldOverrideUrlLoading()","url="+url); // webView.loadUrl("file:///android_asset/pages/css/textitem.css"); }else if(url.contains("/js/item.js")){ LogUtil.e(",WVJBWebViewClient,shouldOverrideUrlLoading()","url="+url); // webView.loadUrl("file:///android_asset/pages/js/item.js"); }else if(url.contains("/libs/requirejs/require.js")){ LogUtil.e(",WVJBWebViewClient,shouldOverrideUrlLoading()","url="+url); // webView.loadUrl("file:///android_asset/pages/js/require.js"); }else{ } try { InputStream localCopy = NyApplication.getInstance().getAssets().open("droidyue.png"); response = new WebResourceResponse("image/png", "UTF-8", localCopy); }catch (IOException e) { e.printStackTrace(); } return response; // return super.shouldInterceptRequest(view, url); } @Override public WebResourceResponse shouldInterceptRequest(WebView view, WebResourceRequest request) { return super.shouldInterceptRequest(view, request); }
> WebView中WebViewClient和WebChromeClient区别与联系
WebViewClient用于帮助WebView处理各种通知和请求事件;
而WebChromeClient更丰富一些,帮助WebView处理Javascript各类对话框、弹窗等等。
Hybrid App知识点收集- http://blog.csdn.net/qq_27429143/article/details/78916163
1.拦截JS对话框 WebView.setWebChromeClient(new WebChromeClient(){});
2. WebView拦截某一个链接不执行此链接或拦截URL或拦截H5页面点击之后的URL
Android webView拦截url- http://blog.csdn.net/u010694658/article/details/52388287
// 此回调是拦截点击要跳转的url链接,并对请求的url链接做修改(添加删除字段)
public WebResourceResponse shouldInterceptRequest(WebView view, String url)
// 在点击请求的是链接是才会调用,重写此方法返回true表明点击网页里面的链接还是在当前的webview里跳转,不跳到浏览器那边。这个函数我们可以做很多操作,比如我们读取到某些特殊的URL,于是就可以不打开地址,取消这个操作,进行预先定义的其他操作,这对一个程序是非常必要的。
public boolean shouldOverrideUrlLoading(WebView view, String url)
1.WebViewClient比较基础的方法,帮助WebView处理各种通知和请求事件;
//处理webView的按键事件
boolean shouldOverrideKeyEvent(WebView view, KeyEvent event)
//截取url请求,在当前视图加载,避免在跳转到自带浏览器
boolean shouldOverrideUrlLoading(WebView view, String url)
//WebView改变时调用
void onScaleChanged(WebView view, float oldScale, float newScale)
//对https的请求处理
void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error)
//获取返回信息授权
void onReceivedHttpAuthRequest(WebView view, HttpAuthHandler handler, String host, String realm)
//处理报错信息(API23以后用第二个)
void onReceivedError(WebView view, int errorCode, String description, String failingUrl)
void onReceivedError(WebView view, WebResourceRequest request, WebResourceError error)
//页面开始载入时调用
void onPageStarted(WebView view, String url, Bitmap favicon)
//页面载入结束时调用
void onPageFinished(WebView view, String url)
//加载资源时调用
void onLoadResource(WebView view, String url)
webView.setJavaScriptEnabled(true)影响Activity的生命周期
//Agent设置
// WebSettings webSettings = wvPagePV.getSettings();
// wvPagePV.getSettings().setJavaScriptEnabled(true); // 支持js互调,影响Activity的生命周期
wvPagePV.getSettings().setUserAgentString(wvPagePV.getSettings().getUserAgentString() + "/netwin/" + MyUtils.getVersionName(mContext));
wvPagePV.loadUrl(newsDetail.newsUrl);
wvPagePV.setWebViewClient(new WebViewClient(){//拦截URL请求或页面点击 @Override public boolean shouldOverrideUrlLoading(WebView view, String url) { LogUtil.e("desaco","url="+url); return super.shouldOverrideUrlLoading(view, url); } @Override public void onPageStarted(WebView view, String url, Bitmap favicon) { LogUtil.e("desaco","onPageStarted()"); super.onPageStarted(view, url, favicon); } @Override public void onPageFinished(WebView view, String url) { LogUtil.e("desaco","onPageFinished()"); super.onPageFinished(view, url); } @Override public void onReceivedError(WebView view, WebResourceRequest request, WebResourceError error) { super.onReceivedError(view, request, error); } @Override public void onReceivedClientCertRequest(WebView view, ClientCertRequest request) { super.onReceivedClientCertRequest(view, request); } });
2.WebChromeClient比较基础的方法,帮助WebView处理Javascript各类对话框、弹窗等//webview关闭时调用void onCloseWindow(WebView window)//Js的弹窗boolean onJsAlert(WebView view, String url, String message, JsResult result)//Js提示框boolean onJsPrompt(WebView
view, String url, String message, String defaultValue, JsPromptResult result)//Js确认框boolean onJsConfirm(WebView view, String url, String message, JsResult result)//加载进度void onProgressChanged(WebView view, int newProgress)//全屏模式(API18以后用第二种)onShowCustomView(View
view, WebChromeClient.CustomViewCallback callback)
onShowCustomView(View view, int requestedOrientation, WebChromeClient.CustomViewCallback callback)
wvPagePV.setWebChromeClient(new WebChromeClient() {//拦截JS对话框 @Override public void onProgressChanged(WebView view, int progress) { } @Override public void onReceivedTitle(WebView view, String title) { super.onReceivedTitle(view, title); } @Override public boolean onJsAlert(WebView view, String url, String message, JsResult result) { return super.onJsAlert(view, url, message, result); } @Override public boolean onJsConfirm(WebView view, String url, String message, JsResult result) { return super.onJsConfirm(view, url, message, result); } @Override public boolean onJsPrompt(WebView view, String url, String message, String defaultValue, JsPromptResult result) { return super.onJsPrompt(view, url, message, defaultValue, result); } @Override public boolean onJsTimeout() { return super.onJsTimeout(); } @Override public boolean onConsoleMessage(ConsoleMessage consoleMessage) { return super.onConsoleMessage(consoleMessage); } @Override public void onReceivedIcon(WebView view, Bitmap icon) { super.onReceivedIcon(view, icon); } });
3. 未开放的重写方法,比如如下:
// For Android 3.0+
public void openFileChooser(ValueCallback<Uri> uploadMsg) {...}
// For Android 3.0+
public void openFileChooser(ValueCallback uploadMsg, String acceptType) {...}
// For Android 4.1
public void openFileChooser(ValueCallback<Uri> uploadMsg, String acceptType, String capture) {...}
// For Android 5.0+
public boolean onShowFileChooser (WebView webView, ValueCallback<Uri[]> filePathCallback,
WebChromeClient.FileChooserParams fileChooserParams) {
return true;
}
4. webView的安全漏洞
webView常见漏洞以及解决方法- http://blog.csdn.net/fulai00/article/details/52921779
Android4.2下 WebView的addJavascriptInterface漏洞解决方案- http://blog.csdn.net/zhouyongyang621/article/details/47000041
JS与WebView交互存在的一些问题- http://www.jianshu.com/p/93cea79a2443
在Android系统4.3.1~3.0版本,系统webview默认添加了searchBoxJavaBridge_接口,如果未移除该接口可能导致低版本Android系统远程命令执行漏洞;
修复建议:判断系统版本,显式调用removeJavascriptInterface方法移除searchBoxJavaBridge_接口;
// 在Android系统4.3.1~3.0版本,系统webview默认添加了searchBoxJavaBridge_接口,如果未移除该接口可能导致低版本Android系统远程命令执行漏洞
//如果真的需要没有这些漏洞的话,你可以尝试用腾讯的X5内核,和WebView用法一样。
removeJavascriptInterface("searchBoxJavaBridge_");
removeJavascriptInterface("accessibility") ;
removeJavascriptInterface("accessibilityTraversal");
if(Build.VERSION.SDK_INT == 18)
mWebView.removeJavascriptInterface("searchBoxJavaBridge_");
if (Build.VERSION.SDK_INT >= 11 && Build.VERSION.SDK_INT < 17) {
try {
webView.removeJavascriptInterface("searchBoxJavaBridge_");
webView.removeJavascriptInterface("accessibility");
webView.removeJavascriptInterface("accessibilityTraversal");
} catch (Throwable tr) {
tr.printStackTrace();
}
}
相关文章推荐
- Android混合开发之WebViewJavascriptBridge实现JS与java安全交互
- Android Hybrid混合开发(Webview+JSBridge)简介
- Android中使用WebView, WebChromeClient和WebViewClient加载网页 (能够执行js)
- Hybrid(混合式) Appz之WebView中如何让JS与Java安全地互相调用
- Android WebView的Js对象注入漏洞解决方案(JSBridge存在的意义)
- Android混合开发之WebViewJavascriptBridge实现JS与java安全交互
- Android中WebViewJavascriptBridge实现JS与java安全交互
- Android混合开发之WebViewJavascriptBridge实现JS与java安全交互
- android 调用js webView网页,点击提交按钮无效(注意加上setWebChromeClient())
- Android混合开发之WebViewJavascriptBridge实现JS与java安全交互
- Android之WebViewClient与WebChromeClient的区别
- Android WebView的Js对象注入漏洞解决方案
- WebChromeClient////WebViewClient区别
- Android WebView的Js对象注入漏洞解决方案
- Android中WebView无法后退和js注入漏洞的解决方案
- JS与原生App通讯 WebViewJavascriptBridge
- Android之WebViewClient与WebChromeClient的区别
- Android中使用WebView, WebChromeClient和WebViewClient加载网页
- WebViewClient 和 WebChromeClient的使用区别
- Android 安全--WebView不校验证书漏洞