In Android, JSBridge is not a new thing, and various implementations are also slightly different. Most people know that there is a loophole WebView details see you do not know the use of Android WebView vulnerability , although the vulnerability has been fixed in Android 4.2, that is, instead of using @JavascriptInterface addJavascriptInterface, but because of compatibility and security issues, basic we will not use the Android system addJavascriptInterface method we offer or @JavascriptInterface notes to achieve, so we have to look for other ways to find safe, but also to achieve compatible with all versions of Android programs.
First, let's look at why use JSBridge, in development, in order to pursue the development of efficiency and convenience transplant, and some show strong performance and the page is not very high, we would prefer to use h5 to complete, functional the page we will prefer to use native to complete, and once used h5, h5 in order to get native experience possible, we need to expose some of the native layer js method to invoke, for example, to remind the bomb Toast, playing Dialog, share and the like, sometimes the h5 placed native network requests to complete, and is typically a well done JSBridge micro-channel, micro-channel to provide a developer JSSDK, the method of the SDK exposes a lot of native micro-channel layer, such as payment , location and so on.
So, how to achieve a compatible Android versions but also has some security JSBridge it? We know that in WebView, if you want to call java js method is very easy to do, Android4.4 previously used WebView.loadUrl ( "javascript: function () "). After Android4.4, using the following methods
webView.evaluateJavascript(“javascript:function()”, new ValueCallback<String>() {
@Override
public void onReceiveValue(String value) {
Toast.makeText(MainActivity.this, "onReceiveValue Java To JS", Toast.LENGTH_SHORT).show();
}
});
, So that you do communicate JSBridge the native layer calls h5 layer, but h5 layer how to adjust the native layer of it, we need to find such a channel, carefully recall, WebView there a method, called setWebChromeClient, you can set WebChromeClient object, this object has three methods, namely onJsAlert, onJsConfirm, onJsPrompt, when the corresponding window object method calls js, i.e. window.alert, window.confirm, window.prompt, three methods WebChromeClient corresponding object will be trigger, we can not use this mechanism, some of their own to deal with it? The answer is yes.
Js As for the difference between these three methods, you can see the w3c JavaScript message box. In general, we will not use onJsAlert, and why? Js alert because the frequency of use is still very high, once we take up this channel, the normal use of alert will be affected, and confirm and prompt the frequency of use is relatively alert, it is a little lower. So in the end choose confirm or prompt it, in fact, confirm the frequency of use is not low, such as you point a link to download a file, this time if needed pop up a prompt for confirmation, click OK will download, download point will not be canceled , this scenario is still a lot of similar, and therefore can not occupy confirm. The prompt is not the same, in Android, almost no use to this method is used, will be customized, so we can use this method. This method is an input box pops up, and then let you enter, return the contents of the input box when finished. Therefore, take prompt is again perfect enough.