Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1332)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/public/android/java/src/org/chromium/content/browser/ContentViewCore.java

Issue 9192008: Hook up ContentViewCore.add/removeJavascriptInterface() (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Try again Created 8 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « content/browser/android/content_view_core_impl.cc ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/public/android/java/src/org/chromium/content/browser/ContentViewCore.java
diff --git a/content/public/android/java/src/org/chromium/content/browser/ContentViewCore.java b/content/public/android/java/src/org/chromium/content/browser/ContentViewCore.java
index ee08d3aa173dad422f112f98a2ca09533393aa88..1d6364b5d1da54889e7efa43249db29d31e6f433 100644
--- a/content/public/android/java/src/org/chromium/content/browser/ContentViewCore.java
+++ b/content/public/android/java/src/org/chromium/content/browser/ContentViewCore.java
@@ -130,7 +130,7 @@ public class ContentViewCore implements MotionEventDelegate {
private ContentSettings mContentSettings;
- // Native pointer to C++ ContentView object which will be set by nativeInit()
+ // Native pointer to C++ ContentViewCoreImpl object which will be set by nativeInit().
private int mNativeContentViewCore = 0;
private ContentViewGestureHandler mContentViewGestureHandler;
@@ -854,6 +854,58 @@ public class ContentViewCore implements MotionEventDelegate {
return mZoomManager.getZoomControlsViewForTest();
}
+ /**
+ * This method injects the supplied Java object into the ContentViewCore.
+ * The object is injected into the JavaScript context of the main frame,
+ * using the supplied name. This allows the Java object to be accessed from
+ * JavaScript. Note that that injected objects will not appear in
+ * JavaScript until the page is next (re)loaded. For example:
+ * <pre> view.addJavascriptInterface(new Object(), "injectedObject");
+ * view.loadData("<!DOCTYPE html><title></title>", "text/html", null);
+ * view.loadUrl("javascript:alert(injectedObject.toString())");</pre>
+ * <p><strong>IMPORTANT:</strong>
+ * <ul>
+ * <li> addJavascriptInterface() can be used to allow JavaScript to control
+ * the host application. This is a powerful feature, but also presents a
+ * security risk. Use of this method in a ContentViewCore containing
+ * untrusted content could allow an attacker to manipulate the host
+ * application in unintended ways, executing Java code with the permissions
+ * of the host application. Use extreme care when using this method in a
+ * ContentViewCore which could contain untrusted content. Particular care
+ * should be taken to avoid unintentional access to inherited methods, such
+ * as {@link Object#getClass()}. To prevent access to inherited methods,
+ * set {@code allowInheritedMethods} to {@code false}. In addition, ensure
+ * that the injected object's public methods return only objects designed
+ * to be used by untrusted code, and never return a raw Object instance.
+ * <li> JavaScript interacts with Java objects on a private, background
+ * thread of the ContentViewCore. Care is therefore required to maintain
+ * thread safety.</li>
+ * </ul></p>
+ *
+ * @param object The Java object to inject into the ContentViewCore's
+ * JavaScript context. Null values are ignored.
+ * @param name The name used to expose the instance in JavaScript.
+ * @param allowInheritedMethods Whether or not inherited methods may be
+ * called from JavaScript.
+ */
+ public void addJavascriptInterface(Object object, String name, boolean allowInheritedMethods) {
+ if (mNativeContentViewCore != 0 && object != null) {
+ nativeAddJavascriptInterface(mNativeContentViewCore, object, name,
+ allowInheritedMethods);
+ }
+ }
+
+ /**
+ * Removes a previously added JavaScript interface with the given name.
+ *
+ * @param name The name of the interface to remove.
+ */
+ public void removeJavascriptInterface(String name) {
+ if (mNativeContentViewCore != 0) {
+ nativeRemoveJavascriptInterface(mNativeContentViewCore, name);
+ }
+ }
+
@CalledByNative
private void startContentIntent(String contentUrl) {
getContentViewClient().onStartContentIntent(getContext(), contentUrl);
@@ -948,4 +1000,9 @@ public class ContentViewCore implements MotionEventDelegate {
private native boolean nativeNeedsReload(int nativeContentViewCoreImpl);
private native void nativeClearHistory(int nativeContentViewCoreImpl);
+
+ private native void nativeAddJavascriptInterface(int nativeContentViewCoreImpl, Object object,
+ String name, boolean allowInheritedMethods);
+
+ private native void nativeRemoveJavascriptInterface(int nativeContentViewCoreImpl, String name);
}
« no previous file with comments | « content/browser/android/content_view_core_impl.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698