@exodus/react-native-webview 13.16.0-exodus.5 → 13.16.0-exodus.6
|
@@ -1,6 +1,5 @@
|
|
|
1
1
|
package com.reactnativecommunity.webview;
|
|
2
2
|
|
|
3
|
-
import android.annotation.SuppressLint;
|
|
4
3
|
import android.graphics.Rect;
|
|
5
4
|
import android.net.Uri;
|
|
6
5
|
import android.text.TextUtils;
|
|
@@ -9,7 +8,6 @@ import android.view.Menu;
|
|
|
9
8
|
import android.view.MenuItem;
|
|
10
9
|
import android.view.MotionEvent;
|
|
11
10
|
import android.view.View;
|
|
12
|
-
import android.webkit.JavascriptInterface;
|
|
13
11
|
import android.webkit.ValueCallback;
|
|
14
12
|
import android.webkit.WebChromeClient;
|
|
15
13
|
import android.webkit.WebView;
|
|
@@ -55,8 +53,6 @@ public class RNCWebView extends WebView implements LifecycleEventListener {
|
|
|
55
53
|
String injectedJSBeforeContentLoaded;
|
|
56
54
|
protected static final String JAVASCRIPT_INTERFACE = "ReactNativeWebView";
|
|
57
55
|
protected @Nullable
|
|
58
|
-
RNCWebViewBridge fallbackBridge;
|
|
59
|
-
protected @Nullable
|
|
60
56
|
WebViewCompat.WebMessageListener bridgeListener = null;
|
|
61
57
|
|
|
62
58
|
protected boolean messagingEnabled = false;
|
|
@@ -246,6 +242,15 @@ public class RNCWebView extends WebView implements LifecycleEventListener {
|
|
|
246
242
|
this.bridgeListener = new WebViewCompat.WebMessageListener() {
|
|
247
243
|
@Override
|
|
248
244
|
public void onPostMessage(@NonNull WebView view, @NonNull WebMessageCompat message, @NonNull Uri sourceOrigin, boolean isMainFrame, @NonNull JavaScriptReplyProxy replyProxy) {
|
|
245
|
+
// Exodus: only accept messages from the top frame. The injected
|
|
246
|
+
// ReactNativeWebView object is available in every frame (subframes
|
|
247
|
+
// included), so without this guard any embedded iframe — even a
|
|
248
|
+
// cross-origin one that happens to pass the origin whitelist — could
|
|
249
|
+
// reach the native onMessage handler. This mirrors the iOS bridge,
|
|
250
|
+
// which is injected with forMainFrameOnly:YES.
|
|
251
|
+
if (!isMainFrame) {
|
|
252
|
+
return;
|
|
253
|
+
}
|
|
249
254
|
RNCWebView.this.onMessage(message.getData(), sourceOrigin.toString());
|
|
250
255
|
}
|
|
251
256
|
};
|
|
@@ -257,10 +262,14 @@ public class RNCWebView extends WebView implements LifecycleEventListener {
|
|
|
257
262
|
);
|
|
258
263
|
}
|
|
259
264
|
} else {
|
|
260
|
-
|
|
261
|
-
|
|
262
|
-
|
|
263
|
-
|
|
265
|
+
// Exodus: the legacy addJavascriptInterface bridge injects ReactNativeWebView
|
|
266
|
+
// into every frame and gives the native side no way to tell which frame a
|
|
267
|
+
// message came from, so it cannot enforce the top-frame restriction above.
|
|
268
|
+
// WEB_MESSAGE_LISTENER is supported on every WebView new enough to clear
|
|
269
|
+
// hardMinimumChromeVersion (100, see src/WebView.android.tsx), so this branch
|
|
270
|
+
// is unreachable in practice. Fail closed rather than install an unhardenable
|
|
271
|
+
// bridge.
|
|
272
|
+
FLog.w("RNCWebView", "WEB_MESSAGE_LISTENER is unsupported on this WebView; ReactNativeWebView messaging bridge not installed.");
|
|
264
273
|
}
|
|
265
274
|
injectJavascriptObject();
|
|
266
275
|
}
|
|
@@ -275,7 +284,6 @@ public class RNCWebView extends WebView implements LifecycleEventListener {
|
|
|
275
284
|
}
|
|
276
285
|
}
|
|
277
286
|
|
|
278
|
-
@SuppressLint("AddJavascriptInterface")
|
|
279
287
|
public void setMessagingEnabled(boolean enabled) {
|
|
280
288
|
if (messagingEnabled == enabled) {
|
|
281
289
|
return;
|
|
@@ -423,30 +431,6 @@ public class RNCWebView extends WebView implements LifecycleEventListener {
|
|
|
423
431
|
return this.getThemedReactContext().getReactApplicationContext();
|
|
424
432
|
}
|
|
425
433
|
|
|
426
|
-
protected class RNCWebViewBridge {
|
|
427
|
-
private String TAG = "RNCWebViewBridge";
|
|
428
|
-
RNCWebView mWebView;
|
|
429
|
-
|
|
430
|
-
RNCWebViewBridge(RNCWebView c) {
|
|
431
|
-
mWebView = c;
|
|
432
|
-
}
|
|
433
|
-
|
|
434
|
-
/**
|
|
435
|
-
* This method is called whenever JavaScript running within the web view calls:
|
|
436
|
-
* - window[JAVASCRIPT_INTERFACE].postMessage
|
|
437
|
-
*/
|
|
438
|
-
@JavascriptInterface
|
|
439
|
-
public void postMessage(String message) {
|
|
440
|
-
if (mWebView.getMessagingEnabled()) {
|
|
441
|
-
// Post to main thread because `mWebView.getUrl()` requires to be executed on main.
|
|
442
|
-
mWebView.post(() -> mWebView.onMessage(message, mWebView.getUrl()));
|
|
443
|
-
} else {
|
|
444
|
-
FLog.w(TAG, "ReactNativeWebView.postMessage method was called but messaging is disabled. Pass an onMessage handler to the WebView.");
|
|
445
|
-
}
|
|
446
|
-
}
|
|
447
|
-
}
|
|
448
|
-
|
|
449
|
-
|
|
450
434
|
protected static class ProgressChangedFilter {
|
|
451
435
|
private boolean waitingForCommandLoadUrl = false;
|
|
452
436
|
|
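Review bot: The new guard in `onPostMessage` rejects subframe messages but does not check `messagingEnabled`, which the removed `RNCWebViewBridge.postMessage` did through `mWebView.getMessagingEnabled()` before forwarding. With the listener now the only bridge, a main-frame message appears to reach `onMessage` even after `setMessagingEnabled(false)`, unless `onMessage` or code outside these hunks gates it or removes the listener. Consider `if (!isMainFrame || !getMessagingEnabled()) { return; }`. Separately, `injectJavascriptObject()` still runs after the fail-closed `else` branch; its body is not shown here, so confirm it exposes nothing to subframes when no bridge is installed.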
package/package.json
CHANGED
|
@@ -10,7 +10,7 @@
|
|
|
10
10
|
"Thibault Malbranche <malbranche.thibault@gmail.com>"
|
|
11
11
|
],
|
|
12
12
|
"license": "MIT",
|
|
13
|
-
"version": "13.16.0-exodus.
|
|
13
|
+
"version": "13.16.0-exodus.6",
|
|
14
14
|
"homepage": "https://github.com/ExodusMovement/react-native-webview#readme",
|
|
15
15
|
"scripts": {
|
|
16
16
|
"android": "react-native run-android",
|