Make injection decision logic more robust: only on succesful response…

…s and when containing some html
MetaMask · Mar 17, 2020 · 28eff2e · 28eff2e
1 parent 3121d35
commit 28eff2e
Showing 1 changed file with 18 additions and 5 deletions.
diff --git a/android/src/main/java/com/reactnativecommunity/webview/RNCWebViewManager.java b/android/src/main/java/com/reactnativecommunity/webview/RNCWebViewManager.java
@@ -79,7 +79,6 @@
 import java.net.URLEncoder;
 import java.nio.charset.Charset;
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.Iterator;
@@ -144,7 +143,6 @@ public class RNCWebViewManager extends SimpleViewManager<WebView> {
   protected static final String HTML_MIME_TYPE = "text/html";
   protected static final String JAVASCRIPT_INTERFACE = "ReactNativeWebView";
   protected static final String HTTP_METHOD_POST = "POST";
-  protected static final int[] NON_INJECTABLE_RESPONSE_CODES = [ 405 ];
   // Use `webView.loadUrl("about:blank")` to reliably reset the view
   // state and release page resources (including any running JavaScript).
   protected static final String BLANK_URL = "about:blank";
@@ -227,9 +225,24 @@ public static Boolean responseRequiresJSInjection(Response response) {
       return false;
     }
     final String contentTypeAndCharset = response.header(HEADER_CONTENT_TYPE, MIME_UNKNOWN);
-    final int statusCode = response.code();
-    boolean statusCodeNotInjectable = Arrays.asList(NON_INJECTABLE_RESPONSE_CODES).contains(statusCode);
-    boolean requiresJSInjection = !statusCodeNotInjectable && contentTypeAndCharset.startsWith(MIME_TEXT_HTML);
+    final int responseCode = response.code();
+
+    String responseBody = "";
+    String contentTypeAndCharset = "";
+
+    try {
+      assert response.body() != null;
+      responseBody = response.body().string();
+    } catch (IOException e) {
+      e.printStackTrace();
+      return false;
+    }
+
+    boolean responseBodyContainsHTMLLikeString = responseBody.matches("[\\S\\s]*\\<[a-z]+[\\S\\s]*\>[\\S\\s]*");
+    boolean responseCodeIsInjectible = responseCode == 200;
+    boolean contentTypeIsHtml = contentTypeAndCharset.startsWith(MIME_TEXT_HTML)
+
+    boolean requiresJSInjection = responseBodyContainsHTMLLikeString && responseCodeIsInjectible && contentTypeIsHtml;
     return requiresJSInjection;
   }