2

I have a pretty basic code for a webview app:

package com.budget.noname.budget;

import android.support.v7.app.AppCompatActivity;
import android.os.Bundle;
import android.webkit.WebSettings;
import android.webkit.WebView;

public class MainActivity extends AppCompatActivity {

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);
        String data = "<p id='v'></p><script>x=3; y=5; m=0; document.getElementById('v').innerHTML = m;</script>";
        WebView simpleWebView=(WebView) findViewById(R.id.simpleWebView);
        WebSettings webSettings = simpleWebView.getSettings();
        webSettings.setJavaScriptEnabled(true);
        webSettings.setAllowContentAccess(true);
        webSettings.setAllowFileAccess(true);
        webSettings.setDomStorageEnabled(true);
        //simpleWebView.loadUrl("file:///android_asset/index.htm");
        simpleWebView.loadDataWithBaseURL(null, data, "text/html", "UTF-8", "");

    }
}

If I put my webapp (index.htm) in the assets folder and load it, it works perfectly, but my code is available for anyone who cares to extract the .apk.

I was trying to paste the code on a String and the load it with loadDataWithBaseURL. It worked almost as well. The thing is: if I try to access the localStorage, the code breaks. Why is that?

Example:

String data = "<script>x=localStorage.getItem('name');</script>";

Doesn't work!!! Although, as I said, if I load the same code from the assets folder, it works.

SergGr
  • 23,570
  • 2
  • 30
  • 51
  • 1
    Which error your getting. do you have Read / write permissions for Internal storage declared in your manifest ? – King of Masses Aug 09 '17 at 05:27
  • I don't get any erros, cause I don't know how to debug webapp. Is just that simple: any html/javascript code I write works, except localStorage tags. –  Aug 09 '17 at 05:31
  • @Baruch, the tag was auto suggest –  Aug 09 '17 at 05:32
  • @Baruch, I'm not sure why you think this question is not related to JavaScript. If I understand question correctly, the error happens during JavaScript execution inside WebView inside an Android app. – SergGr Aug 12 '17 at 15:01
  • @VictorRibeiro, Have you looked at the [Debugging Web Apps](https://developer.android.com/guide/webapps/debugging.html#WebView)? See also [How can I see Javascript errors in WebView in an Android app?](https://stackoverflow.com/questions/14859970/how-can-i-see-javascript-errors-in-webview-in-an-android-app) – SergGr Aug 12 '17 at 15:06

1 Answers1

1

Just like already stated here before:

The access to localStorage is only allowed on pages from certain "Web-safe" schemes, like http:, https: and file:. It doesn't work for about: and data: schemes for example, or for any custom scheme you might be using.

If you take a look at the loadDataWithBaseURL()'s docs, we can see the following statement to baseUrl param:

String: the URL to use as the page's base URL. If null defaults to 'about:blank'.

This explains why only your file:/// example works, and also means that you'll have to pass something valid to this param. You can load whatever URL you want, like:

webView.loadDataWithBaseURL("http://google.com", data, "text/html", "UTF-8", "");

Or even http://localhost:80 will get it working.

However, this won't make your localStorage values available for other instances of WebView (they do not conversate on Android, by default). A common option is using another library that abstracts it for you, like AndroidLocalStorage, e.g.

diogo
  • 3,769
  • 1
  • 24
  • 30
  • Thanks a lot man. Do you know any pratical way of making the access to a assets folder a little harder than just "extracting" the apk? –  Aug 13 '17 at 09:09
  • It's basically not possible. Take a look: https://stackoverflow.com/questions/18151308/how-to-secure-the-assets-stored-in-android-apk Actually, I don't know how much complexity you'll have to add in order to encrypt files into the Android app itself. I'd suggest requesting these resources remotely (from a rest, e.g.), it's an option... – diogo Aug 14 '17 at 12:33