1.
http://developer.android.com/reference/android/webkit/JavascriptInterface.html
由此可见 》=api17 的要想java 代码与网页交互,js调用的java 内部方法必须添加 该注解:@JavascriptInterface
之前的任何的public的函数都可被js调用。这样的话可以起到过滤的作用,提高了代码的安全性。
2.
http://developer.android.com/guide/topics/manifest/provider-element.html
android:exported
true
: The provider is available to other applications. Any application can use the provider's content URI to access it, subject to the permissions specified for the provider.false
: The provider is not available to other applications. Setandroid:exported="false"
to limit access to the provider to your applications. Only applications that have the same user ID (UID) as the provider will have access to it.
The default value is "true"
for applications that set either android:minSdkVersion
orandroid:targetSdkVersion
to "16"
or lower. For applications that set either of these attributes to "17"
or higher, the default is "false"
.
You can set android:exported="false"
and still limit access to your provider by setting permissions with the permission
attribute.