stackoom
  简体   繁体   中英

Can I inject Javascript code into Chrome Custom Tabs

 原文  2016-01-11 22:41:56       javascript/ android/ android-webview/ chrome-custom-tabs

Question

In my app, I am currently using a web view to display some content. Then, I use Javascript injection to quickly fill out the form for the user.

The only issue is, Webviews are incredibly slow compared to Chrome Custom tabs. Is it possible to inject Javascript code into these custom tabs?

For example, here is some code I currently use:

myWebView.loadUrl("javascript:document.getElementById('join_first_name').value='" + name + "';void(0); ");

4 answers

solution1
 32  2016-01-11 22:44:17

No; that would be a critical security hole.

Since custom tabs use cookies, settings, and password managers from the user's real Chrome instance, you cannot control them at all.

solution2
 10  2019-03-19 05:06:07

Chrome prohibits you from doing any of that. If this were allowed then it would be a major security flaw since you can modify the page within the app.

Suppose you have an app that has a facebook sign in. If this were possible, one could also steal someone's login credentials.

With Chrome Custom tabs, you don't have much control over the content that is served. You should probably try an alternative, like passing the first name as a URL parameter and then write a script on that page to read the parameter and fill the form out.

solution3
 3  2019-03-20 12:59:58

you need to do it like that by using data:text/html, as prefix for your script

Try that in your browser tab

data:text/html,<script>alert("hello")</script>

it will fire the javascript and alert, and as well you can print some in html from url

so i guess you need just to open the tab with the script

 String suffix = "data:text/html,"
 String script = "<script>document.getElementById('join_first_name').value='" + name + "';</script>"
 String url = suffix + script
 myWebView.loadUrl(url);

It's browser behaviour in desktop and mobile

I haven't try it in WebView.loadUrl and actually still if it's done by WebView.loadUrl it will be a security hole

solution4
 2  2019-03-21 17:23:54

There's supposed to be no way to inject Javascript to Chrome web browser. If you can execute the Javascript queries to chrome via some third party apps , thereby you can read all the cookies, clear every sessions, and whatever the javascript is capable of. Which is really a huge security flaw .

What you can do is to load your URL in webview and execute the javascripts there. That's the only possible i've ever heard of. This is the same technique used for EPUB documents, where we load the complete HTML content in webview then we execute external Javascript queries into that view, so you can modify the HTML, CSS attributes .

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Can I inject javascript code from the address bar into a flash video How can I inject JavaScript code to periodically refresh a page Can i inject javascript into iframe? Can I format my JavaScript/JQuery code with linebreaks and tabs? Chrome.tabs.executeScript(); + .addEventListener(“click”, …); to inject code into active webpage through chrome extension Chrome debugger inject javascript Chrome Extension Content Script - Inject Javascript before page code Chrome extension can't inject code on button press Offline First! Can't inject Chrome extension code into Offline pages Chrome Extension: How do I inject CSS and Javascript into a certain URL?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM