Why openFileChooser in WebChromeClient is hidden from the docs? Is it safe to use this method?

Question

Most of the places I see, file upload feature in WebView is implemented using openFileChooser() method. Is it legal/safe to use this method? If I use t

Answer 1

Since this is not documented in WebChromeClient, no it is not a safe API, but yes it is legal.

But you can still use it. Make sure to catch any error. But the process cannot be guaranteed to work.

Answer 2

Using the old openFileChooser(...) callbacks does not have any security implications. It's just fine. The only downside is that it will not be called on some platform levels and therefore not work.

• void openFileChooser(ValueCallback<Uri> uploadMsg) works on Android 2.2 (API level 8) up to Android 2.3 (API level 10)
• openFileChooser(ValueCallback<Uri> uploadMsg, String acceptType) works on Android 3.0 (API level 11) up to Android 4.0 (API level 15)
• openFileChooser(ValueCallback<Uri> uploadMsg, String acceptType, String capture) works on Android 4.1 (API level 16) up to Android 4.3 (API level 18)
• onShowFileChooser(WebView webView, ValueCallback<Uri[]> filePathCallback, WebChromeClient.FileChooserParams fileChooserParams) works on Android 5.0 (API level 21) and above

You can use a library that abstracts this away and takes care of all these callbacks on different platform levels so that it just works. Example:

https://github.com/delight-im/Android-AdvancedWebView

You can also check out how it's done in the source:

https://github.com/delight-im/Android-AdvancedWebView/blob/0f06e73ecee13ebc4552ac00bc0848e18662a25d/Source/src/im/delight/android/webview/AdvancedWebView.java#L597

https://github.com/delight-im/Android-AdvancedWebView/blob/0f06e73ecee13ebc4552ac00bc0848e18662a25d/Source/src/im/delight/android/webview/AdvancedWebView.java#L1044

The fact that it's undocumented just means that you can't rely on it. When it was introduced in Android 2.2, nobody could know that it would stop working in Android 4.4, but you had to accept it.