我现在写的程序是基于 webview 的,程序中又遇到了网页版支付宝支付,里面就有这么一个链接,这个链接在访问之后,会打开支付宝程序:
intent://platformapi/startapp?appId=20000013&pwdType=ordinaryPassword&_t=1456301771669#Intent;scheme=alipays;package=com.eg.android.AlipayGphone;end
看下这个东西是怎么生成的:http://bbs.mobiletrain.org/thread-31234-1-1.html
具体关于这个的介绍(我怕链接没了,所以转载了 2017 年 12 月 01 日 19:15:35 更新: 乌云果然没了, 哎..):Intent scheme URL attack 或者原文:http://drops.wooyun.org/papers/2893
人家是黑程序的,不过最后也好心给了上面的链接解析的方法:
// convert intent scheme URL to intent object
Intent intent = Intent.parseUri(uri);
// forbid launching activities without BROWSABLE category
intent.addCategory("android.intent.category.BROWSABLE");
// forbid explicit call
intent.setComponent(null);
// forbid intent with selector intent
intent.setSelector(null);
// start the activity by the intent
context.startActivityIfNeeded(intent, -1);
上面是前几年的代码,现在已有所改动,Intent.parseUri 参数已经变了,参看下面的代码:
Intent intent;
try {
intent = Intent.parseUri(url, Intent.URI_INTENT_SCHEME);
// forbid launching activities without BROWSABLE
// category
intent.addCategory("android.intent.category.BROWSABLE");
// forbid explicit call
intent.setComponent(null);
// forbid intent with selector intent
intent.setSelector(null);
// start the activity by the intent
startActivityIfNeeded(intent, -1);
} catch (URISyntaxException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
亲测成功
mNewWebView.setWebViewClient(new WebViewClient() {
@Override
public boolean shouldOverrideUrlLoading(WebView view, String url) {
// intent://platformapi/startapp?appId=20000013&pwdType=ordinaryPassword&_t=1456301771669#Intent;scheme=alipays;package=com.eg.android.AlipayGphone;end
if (url.startsWith("intent://")) {
Intent intent;
try {
intent = Intent.parseUri(url, Intent.URI_INTENT_SCHEME);
// forbid launching activities without BROWSABLE
// category
intent.addCategory("android.intent.category.BROWSABLE");
// forbid explicit call
intent.setComponent(null);
// forbid intent with selector intent
intent.setSelector(null);
// start the activity by the intent
startActivityIfNeeded(intent, -1);
} catch (URISyntaxException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return true;
}
view.loadUrl(url);
return true;
}
});