Android--webview using Addjavascriptinterface in SDK 17 problem solving

When calling WebView's Addjavascriptinterface, using android:targetsdkversion= "10" is not a problem, can trigger events, but after all, using the version is generally the latest, I developed in order to pursue new, Then using the android:targetsdkversion= "17" property, when starting to use is not a problem, most phones can be used, such as ZTE's N986, Millet MIMU4.1 System is no problem, the system for 2.3 of several models also did not see the problem, then Samsung Note3 on the issue, not call this event, I also tangled half a day, and later on the internet to find the reason, is the last year of Android vulnerability caused by,

So there are two methods of modification:

1, modify android:targetsdkversion= "10", this can only be a temporary solution,

2. Find official documents: said in more than 17 need to add an interface javascriptinterface to use, and then carefully read the official demo to find, is the blue bold part. If you have encountered this problem, I hope to help you, thank you

Official instructions:

Public voidAddjavascriptinterface(Object object, String name)Added in API Level 1

Injects the supplied Java object into this WebView. The object is injected into the JavaScript context of the main frame, using the supplied name. This allows the Java object ' s methods-to is accessed from JavaScript. For applications targeted to API level JELLY_BEAN_MR1 and above, only public methods that is annotated with JavascriptInterface can is accessed From JavaScript. For applications targeted to API level JELLY_BEAN or below, all public methods (including the inherited ones) can is accessed, See the important security note below for implications.

Note that injected objects won't appear in JavaScript until the page is next (re) loaded. For example:

 class Jsobject {    @JavascriptInterface     Public StringtoString() { return "Injectedobject"; } }WebView.Addjavascriptinterface(New Jsobject(), "Injectedobject");WebView.LoadData("", "Text/html", NULL);WebView.Loadurl("Javascript:alert (injectedobject.tostring ())");

IMPORTANT:

• This method can is used to allow JavaScript to control the host application. This was a powerful feature, but also presents a security risk for applications targeted to API level JELLY_BEAN or below, Becau Se JavaScript could use reflection to access a injected object ' s public fields. Use of this method in a WebView containing untrusted content could allow an attacker to manipulate the host application in unintended ways, executing Java code with the permissions of the host application. Use extreme care when using the This method in a WebView which could contain untrusted content.
• JavaScript interacts with Java object in a private, background thread of this WebView. Care was therefore required to maintain thread safety.
• The Java object ' s fields is not accessible.

Parameters

Object	The Java object to inject into this WebView ' s JavaScript context. Null values are ignored.
Name	The name used to expose the object in JavaScript