In the Android GoogleAnalytics API v1 is the GoogleAnalyticsTracker class where you can start trackPageView.
I don't find these in v3. Do you know the equivalent? I want to track a webview like the javascript does in the browser.
Or do you know how I can enable the javascript part in the HTML in the webview. Even if I enable Cookies and do webView.setJavaScriptEnabled(true), the page gets not tracked.
Javascript in the webview works as it should. You have to set webView.setJavaScriptEnabled(true) and webView.loadUrl("...").
My problem was that the app didn't use loadUrl(...), but loadDataWithBaseURL(...) (HTML content as String) which does not execute JavaScript.
Related
Login SDK from platforms like Facebook allows you to login using WebView when Facebook app is not available. After a success login from their implementation of WebView, it will send back an Intent data which then can be use to get some data like token. (I could be wrong but as far as I remember this is what is happening before)
I am only familiar on Android and what I did before is launching the website using WebView then annotate my define methods using #JavascriptInterface so I can retrieve events and data coming from the site. For sending data I use evaluateJavascript("someJSMethod(data)").
Sample of retrieving events from website using WebView:
webView.addJavascriptInterface(new WebAppInterface() {
#JavascriptInterface
public void sampleCallbacks() {
// Do your stuff
}
}, "JSInterface");
Sample of sending events to website using WebView:
webView.evaluateJavascript("sampleJSMethod(data)", s -> {
});
But you will have to enable JavaScript in WebView settings and there is a lint warning that it can introduce XSS vulnerability, thus I do not know if this is a good practice. On iOS side I read it can do the same but I want to confirm if AppStore will allow it or there is a condition which needs to be met. We only want to use the WebView for registration so it is not technically a WebView app in which PlayStore usually disapprove. Is there a way to replicate this said behavior but using Intent and activity result?
I need to load a web application inside WebView and need to click on a certain button / or perform UI automation,
Is it possible to do that?
It is part of the android application, not testing.
I don't recommand using Selenium, but instead use Javascript events or JQuery.
For example you can add javascript to a webview.
Add javascript into WebView
And then you can use JQuery user interface like this:
$( document ).ready(function() {
$("#button-id").click();
});
I received a warning from Google Play Console that refers me to this page because I used JavaScript Interface in my app and suggest two options to solve the problem .
Option 1 tells :
Ensure that there are no objects added to the JavaScript interface of
any WebView that loads untrusted web content. You can do this in two
ways:
Ensure that no objects are ever added to the JavaScript interface
via calls to addJavascriptInterface.
Remove objects from the JavaScript interface in shouldInterceptRequest
via removeJavascriptInterface before untrusted content is loaded by
the WebView.
but I can't understand what google exactly says specially on :
Remove objects from the JavaScript interface in shouldInterceptRequest
via removeJavascriptInterface before untrusted content is loaded by
the WebView
can someone tell me more explanation ?
You can resolve this issue in following ways:
If your website supports HTTPS, use "https://" prefix in loadUrl method.
You can set android:usesCleartextTraffic to false in your Manifest or set a Network Security Config that disallows HTTP traffic. It also means that your website should run on HTTPS.
Now, coming to your question about "Remove objects from the JavaScript interface in shouldInterceptRequest via removeJavascriptInterface before untrusted content is loaded by the WebView" : It mean that your app should remove (or disable) JavaScriptInterface whenever there is any non HTTPS URL is loaded within the WebView.
After doing any of these, you need to update APK on Play Console.
Conclusion is that if you want to use JavaScriptInterface, better use HTTPS on your website. If you use HTTP, JavaScriptInterface won't be allowed by Google Play.
I faced the same problem, and have not been able to figure this out, either. What worked for me, documented in How to address "Remediation for JavaScript Interface Injection Vulnerability"?, was to use WebView.evaluateJavascript. Alas, that is not a full replacement for all use cases of JavascriptInterface, but maybe it's sufficient for your purposes.
I just release an update without doing something special and warning disappeared BUT not sure it will came back again or not
So I've created a simple WebView application that wraps an already existing mobile friendly site and displays it on the device. I've enabled javascript, supported screen orientation changes, etc...
I've run into an issue with the oAuth support though. Accessing the site from the chrome browser on the device, everything runs fine.
If I try to access the site from the app/WebView, it will push me over to the oAuth screen, let me input credentials and everything, but the moment it tries to push me back to the website and log me in, I get this:
Failed to recognize URL query:
https://exittix.com/frontend/login/redirect.html#access_token=******************************&expires_in=********&state=****client_id=******************network*****facebook*****display***popup****callback****_hellojs_agj27sx5****state****oauth_proxy***https***auth-server.herokuapp.com%2Fproxy***scope***basic_profile***email***basic***oauth***version***auth***https***facebook.com%2Foauth***
The * is used to protect data.
So, any ideas why oAuth isn't working inside a JS enabled webview but works fine in the mobile chrome browser for android?
Thanks in advance for your help!
EDIT:
Ok, so I've tracked the error I'm getting back to redirect.html.
This page calls some javascript. If the javascript fails to redirect, then it displays that error I have above instead.
The javascript being called to handle the oAuth is Andrew Dodson's hello.js script.
You can see it HERE.
I've concluded that the second half of the error's url is indeed the unhandled JSON.
Here's what the returned data looks like after I've decoded it from the URL encoded characters:
{"client_id":"************.apps.googleusercontent.com","network":"google","display":"popup","callback":"_hellojs_********","state":"","oauth_proxy":"https://auth-server.herokuapp.com/proxy","scope":["https://www.googleapis.com/auth/userinfo.profile","https://www.googleapis.com/auth/userinfo.email","basic"],"oauth":{"version":2,"auth":"https://accounts.google.com/o/oauth2/auth"}}&access_token=***.*.*****_*********************************************************&token_type=Bearer&expires_in=3600
Any ideas why this isn't getting handled properly in the WebView?
Is it possible to add a JavaScript interface to the Android Browser the same way one can be added to the WebView Component as illustrated in this demo. My particular use case only needs JavaScript -> android so that I can send it back to the previous activity.
You can invoke methods and functions in your webview by using javascript url's, e.g.
webview.loadUrl("javascript:somemethod()");
You will, of course, need to enable javascript on your webview:
webview.getSettings().setJavaScriptEnabled(true);
This is from java to javascript. If you want to invoke java code / android API's from javascript, use addJavascriptInterface()
webview.addJavascriptInterface(new MyJSJavaBridge(), "api");
All of this is shown in the example url you posted as well.
You can do it using jsinterface.
First you need to make the browser jsinterface enabled and then you may call to Android method from the HTML of your browser.
You may , get a fair example and idea here ...
http://android-puremvc-ormlite.blogspot.com/2011/07/using-java-script-in-android-webview.html