Shulou(Shulou.com)06/02 Report--

This article mainly explains "what is the method of secure interaction between Android Webview Java and Javascript". The content of the article is simple and clear, and it is easy to learn and understand. Please follow the editor's train of thought to study and learn "what is the method of secure interaction between Android Webview Java and Javascript".

Android Webview vulnerability

Android Webview has two well-known vulnerabilities:

The recently exposed UXSS vulnerability can surpass the homology policy and obtain Cookie and other information of any web page. There is no solution to this problem below Android 4.4, so you can only recompile the browser kernel. For more information, please refer to the recent mobile security. If you are interested, you can take a look at @ RAyH4c hijacking Weibo and Qzone video.

An arbitrary command execution vulnerability that has been known for a long time. Through the addJavascriptInterface method, Js can call the Java object method, and through the reflection mechanism, Js can directly obtain Runtime and execute arbitrary commands. Security can be guaranteed by declaring @ JavascriptInterface above Android 4.2. AddJavascriptInterface can no longer be called below 4.2, and you need to find another way.

Secure interaction between Java and Javascript

First of all, I would like to make a few points:

It is easy for Java in 1.Android Webview to call the Js method, and loadUrl ("_ javascript:isOk ()") can call the Js method isOk, but cannot directly get the return result of the Js method.

Class JsObject {@ JavascriptInterface public String toString () {return "injectedObject";}} webView.addJavascriptInterface (new JsObject (), "injectedObject"); webView.loadData ("", "text/html", null); webView.loadUrl ("_ javascript:alert (injectedObject.toString ())")

two。 In traditional methods, Js can obtain Java information in the following ways:

Import android.app.Activity; import android.graphics.Bitmap; import android.os.Bundle; import android.util.Log; import android.webkit.WebView; import android.webkit.WebViewClient; public class HtmlSource extends Activity {private WebView webView; @ Override public void onCreate (Bundle savedInstanceState) {super.onCreate (savedInstanceState); setContentView (R.layout.main); webView = (WebView) findViewById (R.id.webview); webView.getSettings () .setJavaScriptEnabled (true) WebView.addJavascriptInterface (new InJavaScriptLocalObj (), "local_obj"); webView.setWebViewClient (new MyWebViewClient ()); webView.loadUrl ("http://www.cnblogs.com/hibraincol/");} final class MyWebViewClient extends WebViewClient {public boolean shouldOverrideUrlLoading (WebView view, String url) {view.loadUrl (url); return true) } public void onPageStarted (WebView view, String url, Bitmap favicon) {Log.d ("WebView", "onPageStarted"); super.onPageStarted (view, url, favicon);} public void onPageFinished (WebView view, String url) {Log.d ("WebView", "onPageFinished") View.loadUrl ("_ javascript:window.local_obj.showSource ('+" + "document.getElementsByTagName ('html') [0] [xss_clean] +');"); super.onPageFinished (view, url);}} final class InJavaScriptLocalObj {public void showSource (String html) {Log.d ("HTML", html) }

3. When there is a hyperlink jump in the web page, the shouldOverrideUrlLoading method of WebClient will be called. If WebViewClient is set and the method returns true, it means that the url,WebView is not handled by the applied code, and the effect of blocking jump can be achieved.

Understanding the above points, we can summarize a relatively secure way to interact with Java and Js:

You can learn from the idea of Android Intent. Java and Js define a url format such as js://_,Java calling the Js method, which simulates the jump through _ window.location.href='js://_?key=value#key1=value1' in the Js method and is captured by the shouldOverrideUrlLoading of Java. The return value of the function can be placed in the parameters of url. (the principle of Js calling Java method is the same)

This interaction is asynchronous. What if you want to know if calling a Js method returns a value? Generally speaking, Java calls the Js method in the onPageFinished method, and the Js return value is obtained in the shouldOverrideUrlLoading method. The two methods have a common parameter webview, so you can first webview.setTag (false). If the returned result is captured, then webview.setTag (true), postDelayed in a short time such as 300ms later, webview.getTag () can check whether there is any change.

Thank you for your reading, the above is the content of "what is the method of secure interaction between Android Webview Java and Javascript". After the study of this article, I believe you have a deeper understanding of what the method of secure interaction between Android Webview Java and Javascript is, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.