[Android] via JS method callback part native error Web console:uncaught typeerror:object [Object Object] has no method ' xxx '

Before android4.2, the injection steps are as follows:

Webview.getsetting (). setjavascriptenable (true); class jsobject {    publicreturn ' Injectedobject ';}} webview.addjavascriptinterface (  New jsobject (), "Injectedobject");

Android4.2 and later, the injection steps are as follows:

Webview.getsetting (). setjavascriptenable (true); class jsobject {    @JavascriptInterface    publicreturn "Injectedobject";}} Webview.addjavascriptinterface (new jsobject (), "Injectedobject");

Did you find the difference? The interface that was exposed by the object injected to WebView before 4.2 ToString does not have a comment statement @javascriptinterface, and 4.2 and later has more comment statements @javascriptinterface

The official documentation is known because this interface allows JavaScript to control the host application, which is a powerful feature, but at the same time, there is a major security risk in the 4.2 version, because JavaScript You can use reflection to access the public fields of a Java object injected with WebView, using this method in a WebView containing untrusted content, allowing an attacker to tamper with the host application and execute Java code with the privileges of the host application. Therefore, after 4.2, any interface for JS exposure needs to be added

@JavascriptInterface

Comment so that the fields of this Java object will not be allowed to be accessed by JS.

Official Document Description:

From the Android 4.2 documentation:

Caution:if you ' ve set your targetsdkversion to + or higher, you must add the @JavascriptInterface annotation to any meth OD that you want available your Web page code (the method must also is public). If you don't provide the annotation, then the method won't accessible by your Web page when running on Android 4.2 or Higher.

Note: If Targetsdkversion is set to 17 or higher, but does not add @javascriptinterface annotations to the exposed JS interface, LOGCAT will report the following output:

E/web console:uncaught Typeerror:object [Object Object] has no method ' toString '

Public void addjavascriptinterface (Object object, String name) Added in API Level 1

Injects the supplied Java object into this WebView. The object is injected into the JavaScript context of the main frame, using the supplied name. This allows the Java object ' s methods-to is accessed from JavaScript. For applications targeted to API level JELLY_BEAN_MR1 and above, only public methods that is annotated with JavascriptInterface can is accessed From JavaScript. For applications targeted to API level JELLY_BEAN or below, all public methods (including the inherited ones) can is accessed, See the important security note below for implications.

Note that injected objects won't appear in JavaScript until the page is next (re) loaded. For example:

Class Jsobject {@JavascriptInterfacePublic StringTostring() { Return "Injectedobject"; } } webview. Addjavascriptinterface (new jsobject< Span class= "pun" > (),  . Loaddata ( "" ,  "Text/html" , null); . Loadurl  

IMPORTANT:

• This method can is used to allow JavaScript to control the host application. This was a powerful feature, but also presents a security risk for applications targeted to API level JELLY_BEAN or below, Becau Se JavaScript could use reflection to access a injected object ' s public fields. Use of this method in a WebView containing untrusted content could allow an attacker to manipulate the host application in unintended ways, executing Java code with the permissions of the host application. Use extreme care when using the This method in a WebView which could contain untrusted content.
• JavaScript interacts with Java object in a private, background thread of this WebView. Care was therefore required to maintain thread safety.
• The Java object ' s fields is not accessible.

Parameters

Object	The Java object to inject into this WebView ' s JavaScript context. Null values are ignored.
Name	The name used to expose the object in JavaScript

Copyright NOTICE: This article for Bo Master original article, without Bo Master permission not reproduced.

[Android] via JS method callback part native error Web console:uncaught typeerror:object [Object Object] has no method ' xxx '