As shown here it is possible to:
1. Create an Android WebView with setJavaScriptEnabled=true
2. Load a URL
3. Override onPageFinished and change the Web page displayed to the user
Now, is it possible for the Web page owner to implement anything server-side which prevents this from happening? The risk is that a malicious app could spoof the user by amending the Web page for nefarious means...
Many thanks!
It is not really possible to prevent the web response being modified. You can only think of making it difficult for the spoofer to edit it.
Related
I was wondering if there is a best practice in Android about WebView/Browsers. I want to open an url in my app to show a web page but I do not have anything to retrieve from that page so I do not need to show it in a webview inside my app. Should I show that page in a browser or in a webview ?
If you should open an URL in WebView or Browser that totally depends upon your requirements. Still I am adding some points that you can consider:
Browser:
If you have some data like Privacy Policy of your organization, that just for user information. You do not require any inputs from user.
WebView:
If you want to,
Customize content of URL
Get some input from User
Send some information to Server
Thank You!
Quick Answer:
From your context, it looks going the Browser way is good enough.
Details:
When you don't have user inputs to process and it is not part of the user-flow in your app, go about showing it in the Browser. It's easier that way, because you don't have to manage anything explicitly.
When you have something to process or that this window is some part of your in-app flow, you should go the WebView way. It gives you the power to manage things and you really need to code of situations like user pressing "back button", and the like. I mean, you're the owner of the life-cycle management of the WebView and see how it seamlessly fits in your user flow while (s)he is at it.
All in the title.
Are there any benefit for anyone that this header is being set every time automatically? Do anyone know the idea behind this spec?
The purpose of having this header automatically added by WebView is to identify requests coming from apps. Apps can use WebView to manipulate organic traffic flow in order to monetize their ads, commit clickfraud, etc. The value of the user agent string can be changed by the app, while the value of this header can't.
Besides that, the header is used by people who need to know who displays their content by analyzing server logs. User agent string can also be used for that, but alone it is often not enough for distinguishing between Chrome (and various browsers cloned from it) and Android WebView (and as I mentioned above apps can change the UA string).
Some people (mostly ad platforms) are also interested knowing what app uses WebView for displaying their content -- X-Requested-With provides exactly that information.
One caveat with X-Requested-With is that jQuery uses it for XHR requests (X-Requested-With: XMLHttpRequest), and some servers don't check the value of this header and always return a JSONed content when they encounter it. Thus, when you try retrieving content from such a server using Android WebView, you receive some JSON garbage instead of expected HTML.
is it possible to get callback whenever a url is opened from the android browser.
getallvisitedurls() method returns just url, I want it in realtime and with timestamp of the access.
This is not possible. The Android Browser does not emit a broadcast or anything like that whenever the user opens a URL in it. Besides, the user may be using a third party browser instead of the default one.
The only way you could do this is by making your own browser app and have the user use that one instead of the default browser that came with their ROM.
I believe it is possible to do so by using retrieveRequestToken.
The Twitter API returns a callback for OAuth, so I think it would be possible.
Have a look at this post. It explains how it is to be done and it sounds all good to me.
Note : I haven't tried it myself. So no guarantees. :)
My application has to login to a website by posting a form, and keep track of the cookie provided till the application is terminated.
I have achieved this using the "WebView" class. I have doubts on weather this is the most efficient way to achieve this as I do not wish to display any webpages but Simply submitting another form once logged in.
Is their any other solution/Classes that can handle this with less traffic (smaller footprint)?
You can submit data to the login form just as you can to any other.
Using the HTTP library you can add a payload (of type x-www-form-encoded) to a RequestEntity. The JavaDocs are fairly clear on how to do this.
This is what I need to do:
I have an app running in the background. Now when the user is browsing and comes across an 'interesting' URL, he can make a gesture and send the URL to the external app. The app then processes it.
I can think of two way of doing this(though I am not sure if either is possible)
1. Program something like a hook that senses the particular gesture or key press and sends the URL to the app
Write something like an add on to the browser.
My question is, is any of this possible. If yes, could you give me a few hints so that I can go ahead. If not, then is there any other way to do it?
Thanks,
Sandip
Short answer : You can't use the android browser like this.
Long answer : The android browser is an application. The only way you can interact with it is to call it with an argument (a URL). And... that's all. You can't write an extension to the browser like you can do in Chrome.
If you want to control the browser, use a webview, but even in that case, you won't have the ability to detect gesture.
What you're trying to do is not possible.
Take a look at WebViewClient.shouldOverrideUrlLoading. It should allow you to be notified when a new URL is loaded.
http://developer.android.com/reference/android/webkit/WebViewClient.html#shouldOverrideUrlLoading%28android.webkit.WebView,%20java.lang.String%29