发表新帖
发表新帖

Can I inject Javascript code into Chrome Custom Tabs

后端 未结
关注
4 886
既然无缘
既然无缘 2021-01-07 19:05

In my app, I am currently using a web view to display some content. Then, I use Javascript injection to quickly fill out the form for the user.

The only issue is, W

相关标签:
4条回答
  • 粉色の甜心
    2021-01-07 19:34

    Chrome prohibits you from doing any of that. If this were allowed then it would be a big security issue since you can modify the page within the app.

    Suppose you have an app that has a facebook sign in. You can use the above method to steal someone's login info. But since injecting javascript isn't allowed we cannot do that.

    With Chrome Custom tabs, you don't have much control over the content that is served. You should probably try an alternative, like passing the first name as a URL parameter and then write a script on that page to read the parameter and fill the form out.

    0 讨论(0)
  • 旧时难觅i
    2021-01-07 19:49

    No; that would be a critical security hole.

    Since custom tabs use cookies, settings, and password managers from the user's real Chrome instance, you cannot control them at all.

    0 讨论(0)
  • 梦谈多话
    2021-01-07 19:49

    you need to do it like that by using data:text/html, as prefix for your script

    Try that in your browser tab 

    data:text/html,<script>alert("hello")</script>

    it will fire the javascript and alert , and as well you can print some in html from url

    so i guess you need just to open the tab with the script

     String suffix = "data:text/html,"
 String script = "<script>document.getElementById('join_first_name').value='" + name + "';</script>"
 String url = suffix + script
 myWebView.loadUrl(url);

    It's browser behaviour in desktop and mobile

    I haven't try it in WebView.loadUrl and actually still if it's done by WebView.loadUrl it will be a security hole

    0 讨论(0)
  • 余生分开走
    2021-01-07 19:53

    There's supposed to be no way to inject Javascript to Chrome web browser. If you can execute the Javascript queries to chrome via some third party apps, thereby you can read all the cookies, clear every sessions, and whatever the javascript is capable of. Which is really a huge security flaw.

    What you can do is to load your URL in webview and execute the javascripts there. That's the only possible i've ever heard of. This is the same technique used for EPUB documents, where we load the complete HTML content in webview then we execute external Javascript queries into that view, so you can modify the HTML, CSS attributes.

    0 讨论(0)
 看不清?
提交回复
热议问题