android软件开发之webView.addJavascriptInterface循环渐进【一】: [url]http://www.sollyu.com/android-software-development-webview-addjavascriptinterface-cycle-of-gradual-one[/url]
android软件开发之webView.addJavascriptInterface循环渐进【二】: [url]http://www.sollyu.com/586[/url]


[size=x-large][color=red]WebView注入Java对象注意事项[/color][/size]
[color=red]在android4.2以前[/color],注入步骤如下:

webview.getSetting().setJavaScriptEnable(true);  
class JsObject {  
    public String toString() { return "injectedObject"; }  
 }  
 webView.addJavascriptInterface(new JsObject(), "injectedObject");


[color=red]Android4.2及以后[/color],注入步骤如下:


webview.getSetting().setJavaScriptEnable(true);  
class JsObject {  
    @JavascriptInterface  
    public String toString() { return "injectedObject"; }  
 }  
 webView.addJavascriptInterface(new JsObject(), "injectedObject");



发现区别没?4.2之前向webview注入的对象所暴露的接口toString没有注释语句@JavascriptInterface,而4.2及以后的则多了注释语句@JavascriptInterface


经过查官方文档所知,因为这个接口允许JavaScript 控制宿主应用程序,这是个很强大的特性,但同时,在4.2的版本前存在重大安全隐患,因为JavaScript 可以使用反射访问注入webview的java对象的public fields,在一个包含不信任内容的WebView中使用这个方法,会允许攻击者去篡改宿主应用程序,使用宿主应用程序的权限执行java代码。因此4.2以后,任何为JS暴露的接口,都需要加[color=red]@JavascriptInterface[/color],注释,这样,这个Java对象的fields 将不允许被JS访问。




HTML调用android的方法:


1.配置android支持js


WebSettings webSettings = webview.getSettings();

webSettings.setJavaScriptEnabled(true);//启用javascript支持


2.定义和暴露接口给js


webview.addJavascriptInterface(new PersonPlugin(), "Person");


private final class PersonPlugin {
        @JavascriptInterface
        public void getPersonList() {
            ......
        }
    }


3.js访问


Person.getPersonList();


Android访问HTML方法


1.在html定义方法


function show(){
  document.write("This is a test message.");
}


2.在android中访问js方法:


webview.loadUrl("javascript:show('" + JSONStr + "')");




例子:


================================================


package com.example.html5Java;

import android.app.Activity;
import android.content.Intent;
import android.graphics.Bitmap;
import android.net.Uri;
import android.os.Bundle;
import android.util.Log;
import android.webkit.*;
import com.example.html5Java.app.Person;
import com.example.html5Java.app.PersonService;
import org.json.JSONArray;
import org.json.JSONObject;

import java.util.List;

public class MyActivity extends Activity {
    private static final String LOG_TAG = "WebViewDemo";
    private PersonService service;
    private WebView webview;

    @Override
    public void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.main);
        service = new PersonService();
        webview = (WebView) this.findViewById(R.id.webView);//android内置浏览器对象

        WebSettings webSettings = webview.getSettings();
        webSettings.setJavaScriptEnabled(true);//启用javascript支持

        webSettings.setSavePassword(false);
        webSettings.setSaveFormData(false);
        webSettings.setSupportZoom(false);
        webview.setWebChromeClient(new MyWebChromeClient());

        //添加一个js交互接口,方便html布局文件中的javascript代码能与后台java代码直接交互访问
        webview.addJavascriptInterface(new PersonPlugin(), "Person");//new类名,交互访问时使用的别名
        // <body onload="javascript:Person.getPersonList()">
        //其实可以把这个html布局文件放在公网中,这样方便随时更新维护  例如 webview.loadUrl("www.xxxx.com/index.html");
        webview.loadUrl("file:///android_asset/index.html");//加载本地的html布局文件

        webview.setWebViewClient(new WebViewClient() {
            //网页加载开始时调用,显示加载提示旋转进度条
            @Override
            public void onPageStarted(WebView view, String url, Bitmap favicon) {
                // TODO Auto-generated method stub
                super.onPageStarted(view, url, favicon);
            }

            //网页加载完成时调用,隐藏加载提示旋转进度条
            @Override
            public void onPageFinished(WebView view, String url) {
                // TODO Auto-generated method stub
                super.onPageFinished(view, url);
            }

            //网页加载失败时调用,隐藏加载提示旋转进度条
            @Override
            public void onReceivedError(WebView view, int errorCode,
                                        String description, String failingUrl) {
                super.onReceivedError(view, errorCode, description, failingUrl);
            }

        });
    }

    //定义一个内部类,从java后台(可能是从网络,文件或者sqllite数据库) 获取List集合数据,并转换成json字符串,调用前台js代码
    private final class PersonPlugin {
        @JavascriptInterface
        public void getPersonList() {
            List<Person> list = service.getPersonList();//获得List数据集合
            //将List泛型集合的数据转换为JSON数据格式
            try {
                JSONArray arr = new JSONArray();
                for (Person person : list) {
                    JSONObject json = new JSONObject();
                    json.put("id", person.getId());
                    json.put("name", person.getName());
                    json.put("mobile", person.getMobile());
                    arr.put(json);

                }
                String JSONStr = arr.toString();//转换成json字符串
                webview.loadUrl("javascript:show('" + JSONStr + "')");//执行html布局文件中的javascript函数代码--
                Log.i("MainActivity", JSONStr);
            } catch (Exception e) {
                // TODO: handle exception
            }

        }

        @JavascriptInterface
        //打电话的方法
        public void call(String mobile) {
            Intent intent = new Intent(Intent.ACTION_CALL, Uri.parse("tel:" + mobile));
            startActivity(intent);
        }
    }

    final class MyWebChromeClient extends WebChromeClient {
        @Override
        public boolean onJsAlert(WebView view, String url, String message, JsResult result) {
            Log.d(LOG_TAG, message);
            result.confirm();
            return true;
        }
    }
}


package com.dazhuo.domain;

public class Person {
    private Integer id;
    public Integer getId() {
        return id;
    }
    public Person(Integer id, String name, String mobile) {
        super();
        this.id = id;
        this.name = name;
        this.mobile = mobile;
    }
    public void setId(Integer id) {
        this.id = id;
    }
    public String getName() {
        return name;
    }
    public void setName(String name) {
        this.name = name;
    }
    public String getMobile() {
        return mobile;
    }
    public void setMobile(String mobile) {
        this.mobile = mobile;
    }
    private String name;
    private String mobile;
}


package com.dazhuo.service;

import java.util.ArrayList;
import java.util.List;

import com.dazhuo.domain.Person;

public class PersonService {
   public List<Person> getPersonList()
   {

       List<Person> list =new ArrayList<Person>();
       list.add(new Person(32, "aa", "13675574545"));
       list.add(new Person(32, "bb", "13698874545"));
       list.add(new Person(32, "cc", "13644464545"));
       list.add(new Person(32, "dd", "13908978877"));
       list.add(new Person(32, "ee", "15908989898"));
     return list;
   }
}


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <title>Insert title here</title>
    <script type="text/javascript">
        function show(jsondata){
            var jsonobjs = eval(jsondata);
            var table = document.getElementById("personTable");
            for(var y=0; y<jsonobjs.length; y++){
                var tr = table.insertRow(table.rows.length); //添加一行
                //添加三列
                var td1 = tr.insertCell(0);
                var td2 = tr.insertCell(1);
                td2.align = "center";
                var td3 = tr.insertCell(2);
                td3.align = "center";
                //设置列内容和属性
                td1.innerHTML = jsonobjs[y].id;
                td2.innerHTML = jsonobjs[y].name;
                td3.innerHTML = "<a href='javascript:Person.call(\""+ jsonobjs[y].mobile+ "\")'>"+ jsonobjs[y].mobile+ "</a>";
            }
        }
        function test(){
            alert("======================>Alert测试");
            document.write("执行测试");
        }
    </script>

</head>
<!-- js代码通过webView调用其插件中的java代码 -->
<body onload="Person.getPersonList();">
<table border="0" width="100%" id="personTable" cellspacing="0">
    <tr>
        <td width="20%">编号</td><td width="40%" align="center">姓名</td><td align="center">电话</td>
    </tr>
</table>
<a href="javascript:window.location.reload();">刷新本页面</a>
<a href="javascript:test()">测试函数</a>
</body>

/</html>