From e91d5bee241f30513b82263bc71b56abfde8ad8d Mon Sep 17 00:00:00 2001
From: Selim Gurun
Date: Tue, 11 Sep 2012 16:11:22 -0700
Subject: Make JavascriptInterface annotation public.
Bug: 7073422
This change makes @JavascriptInterface public and it requires using this annotation to allow javascript access to public java methods for API level JELLY_BEAN_MR1 and above. The behavior does not change for API levels JELLY_BEAN and below.
Change-Id: I4108b17cf71b9ac273d7b61b1c8f7f5581e922ee
---
core/java/android/webkit/JavascriptInterface.java | 3 +--
core/java/android/webkit/WebView.java | 25 +++++++++++++++--------
core/java/android/webkit/WebViewClassic.java | 12 +++++++++--
3 files changed, 28 insertions(+), 12 deletions(-)
(limited to 'core/java/android/webkit')
diff --git a/core/java/android/webkit/JavascriptInterface.java b/core/java/android/webkit/JavascriptInterface.java
index 3f1ed12..6cd2a7b 100644
--- a/core/java/android/webkit/JavascriptInterface.java
+++ b/core/java/android/webkit/JavascriptInterface.java
@@ -25,9 +25,8 @@ import java.lang.annotation.Target;
 * Annotation that allows exposing methods to JavaScript. Starting from API level
 * {@link android.os.Build.VERSION_CODES#JELLY_BEAN_MR1} and above, only methods explicitly
 * marked with this annotation are available to the Javascript code. See
- * {@link android.webkit.Webview#addJavaScriptInterface} for more information about it.
+ * {@link android.webkit.WebView#addJavascriptInterface} for more information about it.
 *
- * @hide
 */
 @SuppressWarnings("javadoc")
 @Retention(RetentionPolicy.RUNTIME)
diff --git a/core/java/android/webkit/WebView.java b/core/java/android/webkit/WebView.java
index 9d6d929..72afcc8 100644
--- a/core/java/android/webkit/WebView.java
+++ b/core/java/android/webkit/WebView.java
@@ -26,7 +26,6 @@ import android.graphics.Picture;
 import android.graphics.Rect;
 import android.graphics.drawable.Drawable;
 import android.net.http.SslCertificate;
-import android.os.Build;
 import android.os.Bundle;
 import android.os.Looper;
 import android.os.Message;
@@ -1479,10 +1478,20 @@ public class WebView extends AbsoluteLayout
 /**
 * Injects the supplied Java object into this WebView. The object is
 * injected into the JavaScript context of the main frame, using the
- * supplied name. This allows the Java object's public methods to be
- * accessed from JavaScript. Note that that injected objects will not
+ * supplied name. This allows the Java object's methods to be
+ * accessed from JavaScript. For API level {@link android.os.Build.VERSION_CODES#JELLY_BEAN_MR1}
+ * and above, only public methods that are annotated with
+ * {@link android.webkit.JavascriptInterface} can be accessed from JavaScript.
+ * For API level {@link android.os.Build.VERSION_CODES#JELLY_BEAN} or below,
+ * all public methods (including the inherited ones) can be accessed, see the
+ * important security note below for implications. Note that injected objects will not
 * appear in JavaScript until the page is next (re)loaded. For example:
- *
 webView.addJavascriptInterface(new Object(), "injectedObject");
+     * 
+     * class JsObject {
+     *    {@literal @}JavascriptInterface
+     *    public String toString() { return "injectedObject"; }
+     * }
+     * webView.addJavascriptInterface(new JsObject(), "injectedObject");
      * webView.loadData("", "text/html", null);
      * webView.loadUrl("javascript:alert(injectedObject.toString())");
*
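Review bot: The added Javadoc in this hunk ties the annotation requirement to "API level JELLY_BEAN_MR1 and above", but the WebViewClassic.java hunk later in this patch sets `mRequireAnnotation` from the application's `targetSdkVersion`, not from the platform version. As written there, an app that targets JELLY_BEAN or lower keeps exposing all public methods of the injected object, inherited ones included, even on a newer device, so the text should name the real gate: `For applications targeted to API level JELLY_BEAN_MR1 and above, only public methods that are annotated with JavascriptInterface can be accessed from JavaScript.` The class comment in JavascriptInterface.java ("Starting from API level ... and above") has the same wording and would need the same correction. The example would also benefit from one sentence saying that the unannotated methods of `JsObject` are not callable from the page once the annotation is required.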

@@ -1490,7 +1499,9 @@ public class WebView extends AbsoluteLayout *

* * @param object the Java object to inject into this WebView's JavaScript
@@ -1508,9 +1520,6 @@ public class WebView extends AbsoluteLayout
 public void addJavascriptInterface(Object object, String name) {
 checkThread();
 mProvider.addJavascriptInterface(object, name);
- // TODO in a separate CL provide logic to enable annotations for API level JB_MR1 and above. Don't forget to
- // update the doc, set a link to annotation and unhide the annotation.
- // also describe that fields of java objects are not accessible from JS.
 }
 /**
diff --git a/core/java/android/webkit/WebViewClassic.java b/core/java/android/webkit/WebViewClassic.java
index a2c1575..d23f52c 100644
--- a/core/java/android/webkit/WebViewClassic.java
+++ b/core/java/android/webkit/WebViewClassic.java
@@ -55,6 +55,7 @@ import android.net.ProxyProperties;
 import android.net.Uri;
 import android.net.http.SslCertificate;
 import android.os.AsyncTask;
+import android.os.Build;
 import android.os.Bundle;
 import android.os.Handler;
 import android.os.Looper;
@@ -4119,10 +4120,17 @@ public final class WebViewClassic implements WebViewProvider, WebViewProvider.Sc
 return;
 }
 WebViewCore.JSInterfaceData arg = new WebViewCore.JSInterfaceData();
- // TODO in a separate CL provide logic to enable annotations for API level JB_MR1 and above.
+ arg.mObject = object;
 arg.mInterfaceName = name;
- arg.mRequireAnnotation = false;
+
+ // starting with JELLY_BEAN_MR1, annotations are mandatory for enabling access to
+ // methods that are accessible from JS.
+ if (mContext.getApplicationInfo().targetSdkVersion >= Build.VERSION_CODES.JELLY_BEAN_MR1) {
+ arg.mRequireAnnotation = true;
+ } else {
+ arg.mRequireAnnotation = false;
+ }
 mWebViewCore.sendMessage(EventHub.ADD_JS_INTERFACE, arg);
 }
-- cgit v1.1
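Review bot: The if/else that sets `arg.mRequireAnnotation` in the last WebViewClassic.java hunk is a boolean assignment written as a branch; `arg.mRequireAnnotation = mContext.getApplicationInfo().targetSdkVersion >= Build.VERSION_CODES.JELLY_BEAN_MR1;` states the rule in one line. The comment above it is circular ("mandatory for enabling access to methods that are accessible from JS") and does not mention that the check is on the app's target SDK; something like `// Apps targeting JELLY_BEAN_MR1 or later expose only @JavascriptInterface-annotated methods to JS.` would be accurate. Because this flag decides whether page script can reach the injected object's unannotated public methods, a test on both sides of the threshold would be worth adding with the change. The method starts before the hunk, so the early `return` path above these lines is only partly visible here.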