All geek questions in one place

Why is openFileChooser in WebChromeClient hidden from documents? Is it safe to use this method?

Most of the places I see the file upload function in WebView implemented using the openFileChooser() method. Is it legal / safe to use this method? If I use this in code, will my code break anywhere? Any security issues if I use this method?

Why does android hide this API in older versions? Only in / above 5.0 did they introduce the onShowFileChooser () method, which means that they do not officially support downloading files in web views below 5.0?

+6
source share
2 answers

Using old openFileChooser(...) callbacks has no security implications. This is just great. The only drawback is that it will not be called at some levels of the platform and therefore does not work.

  • void openFileChooser(ValueCallback<Uri> uploadMsg) runs on Android 2.2 (API level 8) to Android 2.3 (API level 10)
  • openFileChooser(ValueCallback<Uri> uploadMsg, String acceptType) runs on Android 3.0 (API level 11) to Android 4.0 (API level 15)
  • openFileChooser(ValueCallback<Uri> uploadMsg, String acceptType, String capture) runs on Android 4.1 (API level 16) to Android 4.3 (API level 18)
  • onShowFileChooser(WebView webView, ValueCallback<Uri[]> filePathCallback, WebChromeClient.FileChooserParams fileChooserParams) runs on Android 5.0 (API level 21) and higher

You can use a library that abstracts it and takes care of all these callbacks at different levels of the platform so that it just works. Example:

https://github.com/delight-im/Android-AdvancedWebView

You can also check how this is done in the source:

https://github.com/delight-im/Android-AdvancedWebView/blob/0f06e73ecee13ebc4552ac00bc0848e18662a25d/Source/src/im/delight/android/webview/AdvancedWebView.java#L597

https://github.com/delight-im/Android-AdvancedWebView/blob/0f06e73ecee13ebc4552ac00bc0848e18662a25d/Source/src/im/delight/android/webview/AdvancedWebView.java#L1044

The fact that it is undocumented means that you cannot rely on it. When it was introduced in Android 2.2, no one could know that it would stop working in Android 4.4, but you have to accept it.

+11
source

Since this is not described in WebChromeClient , no , it is not a secure API, but yes it is legal.

But you can still use it. Be sure to understand any mistake. But the process cannot be guaranteed to work.

0
source

Source: https://habr.com/ru/post/986661/

More articles:


All Articles