This repository has been archived by the owner on Feb 22, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 9.8k
[webview_flutter] [url_launcher] Handle Multiwindows in WebViews #2991
Merged
Merged
Changes from 2 commits
Commits
Show all changes
25 commits
Select commit
Hold shift + click to select a range
68f8848
webview portion
bparrishMines 7337002
url_launcher
bparrishMines 3fa09aa
formatting
bparrishMines 39b030b
Seperate to a class
bparrishMines bb8154b
Add documentation
bparrishMines 625f673
Change doc location
bparrishMines 9f8014f
load with no navigation delegate
bparrishMines ef55f08
formatting
bparrishMines 9bd470a
test for window open
bparrishMines 3c6de98
Merge branch 'master' of github.com:flutter/plugins into eat_js_webview
bparrishMines 833bb0a
Add test to check for http/https
bparrishMines dde8c7f
dont filter url and set test to only run on android
bparrishMines c12449a
Merge branch 'master' of github.com:flutter/plugins into eat_js_webview
bparrishMines c5bf9d1
version bump
bparrishMines 7657a2c
Merge branch 'master' of github.com:flutter/plugins into eat_js_webview
bparrishMines 380c7dd
javascript test
bparrishMines 9bfc1d2
Add iframe
bparrishMines dd4deec
Merge branch 'master' of github.com:flutter/plugins into eat_js_webview
bparrishMines 022e717
Merge branch 'master' of github.com:flutter/plugins into eat_js_webview
bparrishMines 9d6a594
replace onLoad
bparrishMines 2a6d766
Merge branch 'master' of github.com:flutter/plugins into eat_js_webview
bparrishMines 94c7b5a
use iframeLoaded variable
bparrishMines fab93d7
fix iframe test
bparrishMines f6bf112
Test name change
bparrishMines 6d53eda
update test
bparrishMines File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -862,6 +862,50 @@ void main() { | |
}, | ||
skip: !Platform.isAndroid, | ||
); | ||
|
||
testWidgets( | ||
'javascript does not run in parent window', | ||
(WidgetTester tester) async { | ||
final String openWindowTest = ''' | ||
<!DOCTYPE html><html> | ||
<head><title>Resize test</title> | ||
<script> | ||
setTimeout(function() { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. this document needs to be inside the |
||
window.open('javascript:var elem = document.createElement("p");elem.innerHTML = "<b>Executed JS in parent origin: "+window.location.origin+"</b>"; document.body.append(elem);alert("XSS in doc.domain: "+document.domain+", win.origin: "+window.location.origin)'); | ||
}, 0); | ||
</script> | ||
</head> | ||
<body onload="onLoad();" bgColor="blue"> | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
function onLoad() {
window.open('javascript:var elem = document.createElement("p");elem.innerHTML = "<b>Executed JS in parent origin: "+window.location.origin+"</b>"; document.body.append(elem);alert("XSS in doc.domain: "+document.domain+", win.origin: "+window.location.origin)');
} |
||
</body> | ||
</html> | ||
'''; | ||
final String openWindowTestBase64 = | ||
base64Encode(const Utf8Encoder().convert(openWindowTest)); | ||
final Completer<WebViewController> controllerCompleter = | ||
Completer<WebViewController>(); | ||
|
||
await tester.pumpWidget( | ||
Directionality( | ||
textDirection: TextDirection.ltr, | ||
child: WebView( | ||
key: GlobalKey(), | ||
onWebViewCreated: (WebViewController controller) { | ||
controllerCompleter.complete(controller); | ||
}, | ||
javascriptMode: JavascriptMode.unrestricted, | ||
initialUrl: | ||
'data:text/html;charset=utf-8;base64,$openWindowTestBase64', | ||
), | ||
), | ||
); | ||
|
||
final WebViewController controller = await controllerCompleter.future; | ||
final String result = await controller.evaluateJavascript( | ||
'document.querySelector("p") && document.querySelector("p").textContent'); | ||
print(result); | ||
}, | ||
skip: !Platform.isAndroid, | ||
); | ||
} | ||
|
||
// JavaScript booleans evaluate to different string values on Android and iOS. | ||
|
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
uber nit: resize test -> XSS test