/**
* Injects
the supplied Java object
into this WebView. The object
is
* injected
into the JavaScript context
of the main frame, using
the
* supplied
name. This allows
the Java object's methods
to be
* accessed
from JavaScript. For applications targeted
to API
* level {@link android.os.Build.VERSION_CODES
*
and above, only public methods
that are annotated
with
* {@link android.webkit.JavascriptInterface} can be accessed
from JavaScript.
* For applications targeted
to API level {@link android.os.Build.VERSION_CODES
* all public methods (including
the inherited ones) can be accessed, see
the
* important security note
below for implications.
* <p> Note
that injected objects will
not
* appear
in JavaScript
until the page
is next (re)loaded. For example:
* <pre>
*
class JsObject {
* {@literal @}JavascriptInterface
* public String toString() {
return "injectedObject"; }
* }
* webView.addJavascriptInterface(new JsObject(),
"injectedObject");
* webView.loadData(
"<!DOCTYPE html><title></title>",
"text/html", null);
* webView.loadUrl(
"javascript:alert(injectedObject.toString())");</pre>
* <p>
* <strong>IMPORTANT:</strong>
* <ul>
* <li> This method can be used
to allow JavaScript
to control
the host
*
application. This
is a powerful feature,
but also presents a security
* risk
for apps targeting {@link android.os.Build.VERSION_CODES
* Apps
that target a
version later than {@link android.os.Build.VERSION_CODES
* are still vulnerable
if the app runs
on a device
running Android earlier than
4.2.
* The most secure way
to use this method
is to target {@link android.os.Build.VERSION_CODES
*
and to ensure
the method
is called only when
running on Android
4.2 or later.
* With these older versions, JavaScript could use reflection
to access an
* injected object's public fields. Use
of this method
in a WebView
* containing untrusted content could allow an attacker
to manipulate
the
* host
application in unintended ways, executing Java code
with the
* permissions
of the host
application. Use extreme care when using this
* method
in a WebView which could
contain untrusted content.</li>
* <li> JavaScript interacts
with Java object
on a private, background
* thread
of this WebView. Care
is therefore required
to maintain thread
* safety.
* </li>
* <li> The Java object's fields are
not accessible.</li>
* <li> For applications targeted
to API level {@link android.os.Build.VERSION_CODES
*
and above, methods
of injected Java objects are enumerable
from
* JavaScript.</li>
* </ul>
*
* @param object
the Java object
to inject
into this WebView's JavaScript
* context. Null values are ignored.
* @param
name the name used
to expose
the object
in JavaScript
*/
public void addJavascriptInterface(Object object, String
name) {
checkThread();
mProvider.addJavascriptInterface(object,
name);
}
JS代码
//
...
$(
'[nctype="btn_item"]').on(
'click',
function() {
var type = $(this).attr(
'data-type');
var data = $(this).attr(
'data-data');
if(typeof window.android !=
'undefined') {
window.android.mb_special_item_click(type, data);
}
return false;
});
//
...
Java代码
webview
.addJavascriptInterface(
new Object() {
@JavascriptInterface
public void mb_special_item_click(
String type,
String data) {
Log.d(
TAG,
"mb_special_item_click: type = "+type+" ,data = "+data);
if (
type.equals(
"keyword")) {
Intent intent
= new Intent(SubjectWebActivity
.this, GoodsListFragmentManager
.class);
intent
.putExtra(
"keyword",
data);
intent
.putExtra(
"gc_name",
data);
SubjectWebActivity
.this
.startActivity(intent);
}
else if (
type.equals(
"special")) {
webviewID
.loadUrl(Constants
.URL_SPECIAL
+ "&special_id=" + data + "&type=html" + "&city_id=" + MyShopApplication
.getInstance()
.getAreaId());
}
else if (
type.equals(
"goods")) {
Intent intent
= new Intent(SubjectWebActivity
.this, GoodsDetailsActivity
.class);
intent
.putExtra(
"goods_id",
data);
SubjectWebActivity
.this
.startActivity(intent);
}
else if (
type.equals(
"url")) {
webviewID
.loadUrl(
data);
}
}
},
"android");
转载请注明原文地址: https://ju.6miu.com/read-38895.html
