/**
* Injects the supplied Java object into this WebView. The object is
* injected intothe JavaScript context ofthe main frame, using the
* supplied name. This allows the Java object's methods to be
* accessed from JavaScript. For applications targeted to API
* level {@link android.os.Build.VERSION_CODES#JELLY_BEAN_MR1}
* andabove, only public methods that are annotated with
* {@link android.webkit.JavascriptInterface} can be accessed from JavaScript.
* For applications targeted to API level {@link android.os.Build.VERSION_CODES#JELLY_BEAN} or below,
* all public methods (including the inherited ones) can be accessed, see the
* important security note belowfor implications.
* <p> Note that injected objects will not
* appear in JavaScript untilthe page is next (re)loaded. For example:
* <pre>
* class JsObject {
* {@literal @}JavascriptInterface
* public String toString() { return"injectedObject"; }
* }
* webView.addJavascriptInterface(new JsObject(), "injectedObject");
* webView.loadData("<!DOCTYPE html><title></title>", "text/html", null);
* webView.loadUrl("javascript:alert(injectedObject.toString())");</pre>
* <p>
* <strong>IMPORTANT:</strong>
* <ul>
* <li> This method can be used to allow JavaScript to control the host
* application. This is a powerful feature, but also presents a security
* risk for apps targeting {@link android.os.Build.VERSION_CODES#JELLY_BEAN} or earlier.
* Apps that target a version later than {@link android.os.Build.VERSION_CODES#JELLY_BEAN}
* are still vulnerable ifthe app runs on a device running Android earlier than 4.2.
* The most secure way to use this method isto target {@link android.os.Build.VERSION_CODES#JELLY_BEAN_MR1}
* andto ensure the method is called only when runningon Android 4.2or later.
* With these older versions, JavaScript could use reflection to access an
* injected object's public fields. Use of this method in a WebView
* containing untrusted content could allow an attacker to manipulate the
* host applicationin unintended ways, executing Java code withthe
* permissions ofthe host application. Use extreme care when using this
* method in a WebView which could contain untrusted content.</li>
* <li> JavaScript interacts with Java object on a private, background
* thread of this WebView. Care is therefore required to maintain thread
* safety.
* </li>
* <li> The Java object's fields are not accessible.</li>
* <li> For applications targeted to API level {@link android.os.Build.VERSION_CODES#LOLLIPOP}
* andabove, methods of injected Java objects are enumerable from
* JavaScript.</li>
* </ul>
*
* @param object the Java object to inject into this WebView's JavaScript
* context. Null values are ignored.
* @param namethename used to expose the object in JavaScript
*/
public void addJavascriptInterface(Object object, String name) {
checkThread();
mProvider.addJavascriptInterface(object, name);
}
JS代码
//...
$('[nctype="btn_item"]').on('click', function() {
var type = $(this).attr('data-type');
var data = $(this).attr('data-data');
if(typeof window.android != 'undefined') {
window.android.mb_special_item_click(type, data);
}
return false;
});
//...
扫一扫
5126
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
