Skip to content
This repository has been archived by the owner on May 12, 2022. It is now read-only.

Prevent js injection for non-200 response status codes #2

Merged
merged 4 commits into from
Mar 23, 2020
Merged

Prevent js injection for non-200 response status codes #2

Changes from 2 commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
3121d35
Prevent js injection for responses that contain 405 status codes, in …
danjm Mar 4, 2020
28eff2e
Make injection decision logic more robust: only on succesful response…
danjm Mar 17, 2020
b2248e3
Fix regex and body reading in responseRequiresJSInjection
danjm Mar 19, 2020
71ea824
Improve performance of body read in responseRequiresJSInjection of RN…
danjm Mar 23, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 19 additions & 1 deletion android/src/main/java/com/reactnativecommunity/webview/RNCWebViewManager.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -225,7 +225,25 @@ public static Boolean responseRequiresJSInjection(Response response) {
return false;
}
final String contentTypeAndCharset = response.header(HEADER_CONTENT_TYPE, MIME_UNKNOWN);
return contentTypeAndCharset.startsWith(MIME_TEXT_HTML);
final int responseCode = response.code();

String responseBody = "";
String contentTypeAndCharset = "";

try {
assert response.body() != null;
responseBody = response.body().string();
} catch (IOException e) {
e.printStackTrace();
return false;
}

boolean responseBodyContainsHTMLLikeString = responseBody.matches("[\\S\\s]*\\<[a-z]+[\\S\\s]*\>[\\S\\s]*");
boolean responseCodeIsInjectible = responseCode == 200;
boolean contentTypeIsHtml = contentTypeAndCharset.startsWith(MIME_TEXT_HTML)

boolean requiresJSInjection = responseBodyContainsHTMLLikeString && responseCodeIsInjectible && contentTypeIsHtml;
return requiresJSInjection;
}


Expand Down