public void addJavascriptInterface (Object object, String name)
Since: API Level 1
Injects the supplied Java object into this WebView. The object is injected into the JavaScript context of the main frame, using the supplied name. This allows the Java object's public methods to be accessed from JavaScript. Note that that injected objects will not appear in JavaScript until the page is next (re)loaded. For example:
webView.addJavascriptInterface(new Object(), "injectedObject");
webView.loadData("", "text/html", null);
webView.loadUrl("javascript:alert(injectedObject.toString())");
IMPORTANT:
- This method can be used to allow JavaScript to control the host application. This is a powerful feature, but also presents a security risk, particularly as JavaScript could use reflection to access an injected object's public fields. Use of this method in a WebView containing untrusted content could allow an attacker to manipulate the host application in unintended ways, executing Java code with the permissions of the host application. Use extreme care when using this method in a WebView which could contain untrusted content.
- JavaScript interacts with Java object on a private, background thread of this WebView. Care is therefore required to maintain thread safety.
Parameters
- object the Java object to inject into this WebView's JavaScript context. Null values are ignored.
- name the name used to expose the object in JavaScript