Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Why openFileChooser in WebChromeClient is hidden from the docs? Is it safe to use this method?

Tags:

android

android-webview

Most of the places I see, file upload feature in WebView is implemented using openFileChooser() method. Is it legal/safe to use this method? If I use this in code, will my code break anywhere? Any security issues if I use this method?

Why android hides this API in older versions? Only on/above 5.0 they have introduced onShowFileChooser() method, that means officially they don't support file upload in webviews below 5.0?

like image 413
Ponsuyambu Avatar asked May 06 '15 13:05

Ponsuyambu

1 Answers

Using the old openFileChooser(...) callbacks does not have any security implications. It's just fine. The only downside is that it will not be called on some platform levels and therefore not work.

  • void openFileChooser(ValueCallback<Uri> uploadMsg) works on Android 2.2 (API level 8) up to Android 2.3 (API level 10)
  • openFileChooser(ValueCallback<Uri> uploadMsg, String acceptType) works on Android 3.0 (API level 11) up to Android 4.0 (API level 15)
  • openFileChooser(ValueCallback<Uri> uploadMsg, String acceptType, String capture) works on Android 4.1 (API level 16) up to Android 4.3 (API level 18)
  • onShowFileChooser(WebView webView, ValueCallback<Uri[]> filePathCallback, WebChromeClient.FileChooserParams fileChooserParams) works on Android 5.0 (API level 21) and above

You can use a library that abstracts this away and takes care of all these callbacks on different platform levels so that it just works. Example:

https://github.com/delight-im/Android-AdvancedWebView

You can also check out how it's done in the source:

https://github.com/delight-im/Android-AdvancedWebView/blob/0f06e73ecee13ebc4552ac00bc0848e18662a25d/Source/src/im/delight/android/webview/AdvancedWebView.java#L597

https://github.com/delight-im/Android-AdvancedWebView/blob/0f06e73ecee13ebc4552ac00bc0848e18662a25d/Source/src/im/delight/android/webview/AdvancedWebView.java#L1044

The fact that it's undocumented just means that you can't rely on it. When it was introduced in Android 2.2, nobody could know that it would stop working in Android 4.4, but you had to accept it.

like image 163
caw Avatar answered Sep 18 '22 13:09

caw
Sign in to Comment

Related questions

versionCode/versionName bug
Why does Kit Kat require the use of the isValidFragment?
MvxListView create binding for template layout from code
How do I configure android tests directory?
Disable/Remove Text Select Handle from EditText in Android
How to keep a Service with listeners alive after unbind in Android?
Adding TextView in LinearLayout like chips same as Gmail address suggestion
renaming apk in gradle
Android styles.xml windowNoTitle (ActionBarActivity)
Theme Dependent Android Strings
Do Android AlarmManagers continue to run after an app update?
Android EditText: How to create an empty bullet paragraph by BulletSpan?
appcompat v21 throws java.lang.UnsupportedOperationException
How do I export Point Cloud Data (Project Tango)?
Any faster way to dump UI hierarchy?
Android Annotation Error with Android Studio Update 1.0
I have a keystore file, how do I provide keyManagers to sslContext in Android app?
XMPP Connection with Smack 4.1 on Android Studio
Setting and fetching a StringSet from SharedPreferences?
See navigation drawer preview

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!