2

Ok so I was using : 

String url ="http://www.example.com";
Intent i = new Intent(Intent.ACTION_VIEW);
i.setData(Uri.parse(url));
startActivity(i);

To send the user to visit a url on his device's browser then I was wondering if it would be possible to send a javascript code via an intent to be run on the devices browser something like javascript:alert('hello') because typing that in the browser will run it so is it possible to do it via an intent ? If it is possible wouldnt that be some sort of security flaw in android ? Any documentation or example would be nice for further ressearch. Thanks

I would also like to mention that I have tried to pass javascript code via the setData() but it just froze the UI without giving any error.

Amr El Aswar
  • 3,395
  • 3
  • 23
  • 36
  • Try this: http://stackoverflow.com/a/10481108/5392825 – Yasir Tahir May 25 '16 at 11:46
  • @YasirTahir this isnt what I am trying to do, I am well aware of how to run javascript on a webview in my activity but the question here adresses another problem – Amr El Aswar May 25 '16 at 11:49
  • I suggest you read this developer documentation regarding WebView, JavaScript and security: https://developer.android.com/reference/android/webkit/WebView.html – jaolstad May 25 '16 at 11:52
  • @jaolstad Please read my question carefully my goal is not to run javascript in a webview in my app but to know if it would be possible to send javascript code as data in an intent to be run by the device's browser. – Amr El Aswar May 25 '16 at 12:12

2 Answers2

1

because typing that in the browser will run it

That would depend on the browser. There are many Web browser implementations for Android. I would not assume that all Web browsers on Android support the javascript scheme in the address bar, though some might.

so is it possible to do it via an intent ?

That would depend on the browser. There are many Web browser implementations for Android. In general, I would not expect javascript to be a supported scheme, but there may be workarounds for that limitation.

If it is possible wouldnt that be some sort of security flaw in android ?

Possibly. It would depend on the browser and how it handled the Intent. There are many Web browser implementations for Android. It would not be a security flaw in Android, any more than bugs in Windows apps represent security flaws in Windows.

CommonsWare
  • 986,068
  • 189
  • 2,389
  • 2,491
  • But assuming the browser does support running the javascript scheme in browser (because the android stock webbrowser does) would'nt be a lack of security to let users pass javascript code via an intent since intents are handled by android ? And first of all can it even be done ? – Amr El Aswar May 25 '16 at 11:56
  • @Amroelaswar: "because the android stock webbrowser does" -- there is no single "android stock webbrowser". "would'nt be a lack of security to let users pass javascript code via an intent since intents are handled by android ?" -- not necessarily. Showing an alert dialog with the string `hello` on an empty Web page is not a "lack of security". "And first of all can it even be done ?" -- that would depend on the browser. There are many Web browser implementations for Android. I have not tried this for any particular browser. – CommonsWare May 25 '16 at 12:07
  • Thanks for your answers , but what I would like to know is assuming the browser does support it does android let you do it ? As I said in my question I tried sending javascript with the intent setData() method and it froze the app without giving any error for some reason. And lastly the alert showing hello was only am example , as you probably know android does not let you access cookies from other app's webviews but wont being able to run code that could make use of these cookies be bypassing this restriction? – Amr El Aswar May 25 '16 at 12:22
  • @Amroelaswar: "does android let you do it ?" -- Android does not necessarily get a vote as to whether a browser handles JavaScript or not, let alone via an `Intent`. Android is an operating system. Browsers are apps. Some browsers use an OS-supplied Web browsing component called `WebView`. Some browsers do not. "but wont being able to run code that could make use of these cookies be bypassing this restriction?" -- possibly. That would depend on the browser. There are many Web browser implementations for Android. I have not tried this for any particular browser. – CommonsWare May 25 '16 at 12:29
0

Here is full guide about using JavaScript in Android web-view apps: https://developer.android.com/guide/webapps/webview.html

Alex
  • 617
  • 4
  • 15