Tag:oid rip obj ac system interface tool java code load
- Java calls JavaScript
- JavaScript calls Java
- WebView provides a tool class called websetting to implement a Java method that allows JavaScript scripts in WebView to call Android, three steps:
- Mwebview.getwebsetting, calling the Setjavascriptenabled method of the Websetting class
Websettings.setjavascriptenabled (TRUE);
Mwebview.addjavascriptinterface (New Javaobject (This), "Javaobject");
The above JavaScript call Java method, although officially provided, in the system prior to android4.2, the above usage has a great security risk, can cause WebView Remote Code execution vulnerability. Since android4.2, Google has fixed the vulnerability, and the only modification is to add @javascriptinterface annotations to methods exposed to JavaScript calls
- Solutions before Android 4.2
Android WebView Java and JavaScript interaction