Skip to content
This repository has been archived by the owner on Feb 22, 2023. It is now read-only.

[webview_flutter] [url_launcher] Handle Multiwindows in WebViews #2991

Merged
merged 25 commits into from
Sep 21, 2020
Merged

[webview_flutter] [url_launcher] Handle Multiwindows in WebViews #2991

Changes from 2 commits
Commits
Show all changes
25 commits
Select commit Hold shift + click to select a range
68f8848
webview portion
bparrishMines Sep 2, 2020
7337002
url_launcher
bparrishMines Sep 2, 2020
3fa09aa
formatting
bparrishMines Sep 2, 2020
39b030b
Seperate to a class
bparrishMines Sep 2, 2020
bb8154b
Add documentation
bparrishMines Sep 2, 2020
625f673
Change doc location
bparrishMines Sep 2, 2020
9f8014f
load with no navigation delegate
bparrishMines Sep 4, 2020
ef55f08
formatting
bparrishMines Sep 4, 2020
9bd470a
test for window open
bparrishMines Sep 5, 2020
3c6de98
Merge branch 'master' of github.com:flutter/plugins into eat_js_webview
bparrishMines Sep 8, 2020
833bb0a
Add test to check for http/https
bparrishMines Sep 8, 2020
dde8c7f
dont filter url and set test to only run on android
bparrishMines Sep 9, 2020
c12449a
Merge branch 'master' of github.com:flutter/plugins into eat_js_webview
bparrishMines Sep 9, 2020
c5bf9d1
version bump
bparrishMines Sep 10, 2020
7657a2c
Merge branch 'master' of github.com:flutter/plugins into eat_js_webview
bparrishMines Sep 11, 2020
380c7dd
javascript test
bparrishMines Sep 11, 2020
9bfc1d2
Add iframe
bparrishMines Sep 12, 2020
dd4deec
Merge branch 'master' of github.com:flutter/plugins into eat_js_webview
bparrishMines Sep 12, 2020
022e717
Merge branch 'master' of github.com:flutter/plugins into eat_js_webview
bparrishMines Sep 15, 2020
9d6a594
replace onLoad
bparrishMines Sep 17, 2020
2a6d766
Merge branch 'master' of github.com:flutter/plugins into eat_js_webview
bparrishMines Sep 17, 2020
94c7b5a
use iframeLoaded variable
bparrishMines Sep 17, 2020
fab93d7
fix iframe test
bparrishMines Sep 18, 2020
f6bf112
Test name change
bparrishMines Sep 18, 2020
6d53eda
update test
bparrishMines Sep 18, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
44 changes: 44 additions & 0 deletions packages/webview_flutter/example/test_driver/webview_flutter_e2e.dart
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -862,6 +862,50 @@ void main() {
},
skip: !Platform.isAndroid,
);

testWidgets(
'javascript does not run in parent window',
(WidgetTester tester) async {
final String openWindowTest = '''
<!DOCTYPE html><html>
<head><title>Resize test</title>
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

uber nit: resize test -> XSS test

<script>
setTimeout(function() {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this document needs to be inside the <iframe>

window.open('javascript:var elem = document.createElement("p");elem.innerHTML = "<b>Executed JS in parent origin: "+window.location.origin+"</b>"; document.body.append(elem);alert("XSS in doc.domain: "+document.domain+", win.origin: "+window.location.origin)');
}, 0);
</script>
</head>
<body onload="onLoad();" bgColor="blue">
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

onLoad isn't defined. Actually, you might be able to remove the setTimeout and just define:

function onLoad() {
  window.open('javascript:var elem = document.createElement("p");elem.innerHTML = "<b>Executed JS in parent origin: "+window.location.origin+"</b>"; document.body.append(elem);alert("XSS in doc.domain: "+document.domain+", win.origin: "+window.location.origin)');
}

</body>
</html>
''';
final String openWindowTestBase64 =
base64Encode(const Utf8Encoder().convert(openWindowTest));
final Completer<WebViewController> controllerCompleter =
Completer<WebViewController>();

await tester.pumpWidget(
Directionality(
textDirection: TextDirection.ltr,
child: WebView(
key: GlobalKey(),
onWebViewCreated: (WebViewController controller) {
controllerCompleter.complete(controller);
},
javascriptMode: JavascriptMode.unrestricted,
initialUrl:
'data:text/html;charset=utf-8;base64,$openWindowTestBase64',
),
),
);

final WebViewController controller = await controllerCompleter.future;
final String result = await controller.evaluateJavascript(
'document.querySelector("p") && document.querySelector("p").textContent');
print(result);
},
skip: !Platform.isAndroid,
);
}

// JavaScript booleans evaluate to different string values on Android and iOS.
Expand Down