Encoding issue when setting a content using javascript in android

Question

In webview I will be loading static html file with css.

webView.loadUrl("file:///android_asset/customhtml.html

In that html I have also set encoding in meta tag as <meta http-equiv="content-type" content="text/html; charset=utf-8"/>

After this file is loaded I will be setting content as

webView.loadUrl("javascript:setContent(" + JSONObject.quote(content)+")");

here is javascript

`function setContent(contentToSet)
{ 
    setBaseURL();
    var mailContentElement = document.getElementById('mailcontentid'); 
    mailContentElement.innerHTML = ""
    handleContentinHTML($('mailcontentid'),contentToSet);
    androidResponse(true);   //method to call android js interface
}

function handleContentinHTML (contentEl, value)
{
    contentEl.innerHTML = value;
}`

Problem: When setting contentlike filename=0000%3Cimg%20src%3da%20onerror%3dalert(test)%3Eb4911111 this gets converted to html image tag and alert message is shown. This content is not displayed exactly as in text form.

some tests I tried:

1 - settinge encoding in webview settings settings.setDefaultTextEncodingName("utf-8");

2 - convert the html file to string and load as myWebView.loadDataWithBaseURL(null, convertfiletohtmlString, "text/html", "utf-8", null); and setting the content using javascript.

3 - using escape(contentToSet) in javascript ;

Nothing seems to work. Please help me an post your suggestions.

Set the `textContent` instead of `innerHTML`. – Teemu Jan 16 '15 at 15:56 — Teemu, Jan 16 '15 at 15:56

score 1 · Accepted Answer · answered Jan 23 '15 at 10:15

1

I did not check this in lower versions at first. When I checked, it was working fine in lower versions < kitkat. Finally I realized the we need to use evaluateJavascript() for executing javascripts post kitkat. When I used this the problem was solved. But till not sure why loadUrl() not support encoding for executing javascripts.

Thanks for the support.

answered Jan 23 '15 at 10:15

arul

190
2
15

1

Yes! I came across an edge case where some arbitrary json content (escaped using StringEscapeUtils.escapeJavaScript) threw this error: Unexpected token ILLEGAL" But if I use evaluateJavascript the error does not occur. I'm going to take your word for it that loadUrl works in versions lower than SDK 19 :-D – micwallace Feb 20 '16 at 10:26

score 0 · Answer 2 · edited May 23 '17 at 11:50

0

Make an HTML escape function:

function htmlEscape(str) {
    return String(str)
            .replace(/&/g, '&amp;')
            .replace(/"/g, '&quot;')
            .replace(/'/g, '&#39;')
            .replace(/</g, '&lt;')
            .replace(/>/g, '&gt;');
}

(taken from the best answer to this question).

Then change your function to call this:

function handleContentinHTML (contentEl, value)
{
    contentEl.innerHTML = htmlEscape(value);
}

Although if you are using JQuery you could just use text() to set this:

function handleContentinHTML (contentEl, value)
{
    contentEl.text(value);
}

edited May 23 '17 at 11:50

Community

1
1

answered Jan 09 '15 at 09:11

SilverlightFox

32,436
11
76
145

This does not work in my case :( , because the content I get will be in encoded form only. I only need to decode some special chars like this case. – arul Jan 16 '15 at 14:01

Encoding issue when setting a content using javascript in android

2 Answers2