-
Notifications
You must be signed in to change notification settings - Fork 24.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
injectedJavaScript isn't properly escaped on Android #20365
Comments
If anyone needs to work around this in the meantime, you can use this super shitty hack: npm install --save encode-utf8 base64-js const encodeUtf8 = require('encode-utf8')
const base64 = require('base64-js')
// ...
/**
* @param {string} input
*/
function encodeBase64 (input) {
return base64.fromByteArray(new Uint8Array(encodeUtf8(input)))
}
// ...
const code = `YOUR JAVASCRIPT CODE GOES HERE`
const injectString = `eval(window.atob('${encodeBase64(code)}'))`
<WebView injectedJavaScript={injectString} /> |
I agree that this solution is "shitty hack", but if you need to convert to base64 |
@eranbaroz I don't think that that is a better solution. That package is only at But the most compelling reason not to use it is that it doesn't work. I actually used that package first, but |
Does anyone know why @react-native-bot marks all my issues as "Old Version", even though I'm running 0.56 which should be the latest? (ping @kelset |
Hey Linus, I'll edit your post and remove the label lets see what happens. Anyway thanks for reporting this issue, WebView is indeed quite buggy. |
@LinusU in some cases it might be right. But this specific package is only 1 week old or less and published by yours truly (me:)). |
Unfortunately, I don't know who you are so I can't attest whether or not the package is stable. That being said, I fail to see how it would be "better" than my approach, please explain
That's incorrect, the linked package is simply a small, pure javascript dependency. You can see the sources here:
But as I said, your package didn't work, so I would not recommend using that package until at least that is fixed. edit: regarding the problem with your package; on the top of my head, it seems like it has something to do with Unicode characters. It seems like you are just using |
Hi @LinusU
This is weird, I guess I got confused with a different thread - you are right, the package does not require to be linked to the project.
Well, this package meant to be simple and mainly used when you need to convert stuff such a simple text characters i.e. Basic authentication header etc.
:) - it's all about the code, (Thanks for the feedback - I really appreciate it) |
Summary: These changes will fix executing javascript with any special characters, by making use of the `evaluateJavascript` function on Android 4.4+, and by properly escaping the URI on Android <4.4. Fixes #19611 • Fixes #20365 • Fixes #9749 • Closes #19655 • Closes #12321 This PR supersedes #19655 by patching the same problem in all the places, and fixing it for Android <4.4 as well. Pull Request resolved: #20366 Differential Revision: D9242968 Pulled By: hramos fbshipit-source-id: f2e1abc786ba333dbd8aaa8922e716fd99ec26e0
Environment
Description
Any JavaScript passed as the
injectedJavaScript
property on theWebView
component on Android isn't properly escaped, and thus can lead to strange SyntaxErrors.This can be seen here as the raw string is being passed as an
javascript:
-uri:react-native/ReactAndroid/src/main/java/com/facebook/react/views/webview/ReactWebViewManager.java
Lines 328 to 334 in 6e359c4
Reproducible Demo
https://snack.expo.io/rkSxWhNVm
On iOS, three "12" are correctly showing up. On Android, only the first "12" is printed.
The text was updated successfully, but these errors were encountered: